While building a monitoring system, I installed Elasticsearch, one component of the ELK Stack (Elasticsearch, Logstash, Kibana), to store logs.
This post walks through installing Elasticsearch 8.X on Rocky Linux 8.X.
1. Install Java (OpenJDK)
Elasticsearch requires Java 11 or later, and since version 7 Elasticsearch ships with a bundled OpenJDK. I use OpenJDK 17, matching the configuration of the servers I manage.
https://www.openlogic.com/openjdk-downloads
# OpenJDK install path: /usr/java
$ mkdir -p /usr/java
$ tar xvzf openjdk-17.0.9_linux-x64_bin.tar.gz
$ mv openjdk-17.0.9_linux-x64-bin /usr/java/openjdk-17.0.9
# Set the Java path
$ vi /etc/profile
JAVA_HOME=/usr/java/openjdk-17.0.9
PATH=$PATH:$JAVA_HOME/bin
CLASSPATH=$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar
export JAVA_HOME PATH CLASSPATH
$ source /etc/profile
2. Download the Elasticsearch installation file
The Elasticsearch installation file can be downloaded from the official site.
https://www.elastic.co/kr/downloads/elasticsearch
# Download the installation file directly on the server
$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.11.1-linux-x86_64.tar.gz
$ mkdir /app
$ tar xvzf elasticsearch-8.11.1-linux-x86_64.tar.gz
$ mv elasticsearch-8.11.1 /app/elasticsearch
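Elastic publishes a `.sha512` file next to each artifact, so the tarball can be verified before it is unpacked. The following is an added example, not part of the original post; the function name `verify_and_extract` and the paths in the usage comment are assumptions.

```shell
# Added example: check a downloaded tarball against its published .sha512
# file and unpack it only if every check passes.
# Usage (file names match the wget command above; "." is an assumed target):
#   wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.11.1-linux-x86_64.tar.gz.sha512
#   verify_and_extract elasticsearch-8.11.1-linux-x86_64.tar.gz \
#       elasticsearch-8.11.1-linux-x86_64.tar.gz.sha512 .

verify_and_extract() {
    archive=$1; sumfile=$2; dest=$3
    name=$(basename "$archive")

    # The .sha512 file holds "<hex digest>  <file name>"; pick our file's digest.
    expected=$(awk -v f="$name" '$2 == f || $2 == ("*" f) { print $1 }' "$sumfile")
    if [ -z "$expected" ]; then
        echo "no digest for $name in $sumfile" >&2
        return 2
    fi

    actual=$(sha512sum "$archive" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "SHA-512 mismatch for $name" >&2
        return 1
    fi

    # Refuse archives whose members would land outside the destination
    # (absolute paths or ".." components).
    if tar -tzf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $name" >&2
        return 3
    fi

    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}
```

Return codes: 0 extracted, 1 digest mismatch, 2 no digest listed for the file, 3 unsafe member path.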
3. Elasticsearch configuration
3-1. Create the Elasticsearch account and assign ownership
$ sudo useradd -r -s /sbin/nologin swadm # any account name will do
$ sudo chown -R swadm:swadm /app/elasticsearch
3-2. Register Elasticsearch as a service (systemctl)
Register Elasticsearch as a service so that it can be managed with systemd.
- Create the file /usr/lib/systemd/system/elasticsearch.service
[Unit]
Description=Elasticsearch
Documentation=https://www.elastic.co
Wants=network-online.target
After=network-online.target
[Service]
Type=notify
# the elasticsearch process currently sends the notifications back to systemd
# and for some reason exec does not work (even though it is a child). We should change
# this notify access back to main (the default), see https://github.com/elastic/elasticsearch/issues/86475
NotifyAccess=all
#RuntimeDirectory=/app/elasticsearch
PrivateTmp=true
Environment=ES_HOME=/app/elasticsearch
Environment=ES_PATH_CONF=/app/elasticsearch/config
Environment=PID_DIR=/app/elasticsearch/run
Environment=ES_SD_NOTIFY=true
EnvironmentFile=-/app/elasticsearch/config/elasticsearch.conf
WorkingDirectory=/app/elasticsearch
User=swadm
Group=swadm
ExecStart=/app/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet
# StandardOutput is configured to redirect to journalctl since
# some error messages may be logged in standard output before
# elasticsearch logging system is initialized. Elasticsearch
# stores its logs in /var/log/elasticsearch and does not use
# journalctl by default. If you also want to enable journalctl
# logging, you can simply remove the "quiet" option from ExecStart.
StandardOutput=journal
StandardError=inherit
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65535
# Specifies the maximum number of processes
LimitNPROC=4096
# Specifies the maximum size of virtual memory
LimitAS=infinity
# Specifies the maximum file size
LimitFSIZE=infinity
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0
# SIGTERM signal is used to stop the Java process
KillSignal=SIGTERM
# Send the signal only to the JVM rather than its control group
KillMode=process
# Java process is never killed
SendSIGKILL=no
# When a JVM receives a SIGTERM signal it exits with code 143
SuccessExitStatus=143
# Allow a slow startup before the systemd notifier module kicks in to extend the timeout
TimeoutStartSec=900
[Install]
WantedBy=multi-user.target
# Built for packages-8.11.1 (packages)
# Apply the changes and enable the service at boot
systemctl daemon-reload
systemctl enable elasticsearch
3-3. Elasticsearch settings
In elasticsearch.yml you can set the Elasticsearch data path, the log path, and other options.
Edit the elasticsearch.yml file in the config directory under the installation path.
(e.g. /app/elasticsearch/config/elasticsearch.yml)
- cluster.name : Sets the cluster name when forming an Elasticsearch cluster.
- node.name : Sets the name of the node.
- path.data : Specifies the path where indexed data is stored. Multiple paths can be given as an array.
- path.logs : Specifies the path where the Elasticsearch runtime logs are stored.
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: IR-GRAFANA
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: IR-GRAFANA
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /data/elasticsearch
#
# Path to log files:
#
path.logs: /log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
# discovery.seed_hosts: ["127.0.0.1", "[::1]"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["IR-GRAFANA"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 04-12-2023 04:24:32
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/IR-GRAFANA.p12
  truststore.path: certs/IR-GRAFANA.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/IR-GRAFANA.p12
  truststore.path: certs/IR-GRAFANA.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
# cluster.initial_master_nodes: ["IR-GRAFANA"]
# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0
# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
transport.host: 0.0.0.0
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
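The configuration above points path.data and path.logs outside the directory that was chown-ed in 3-1 and binds the node to 0.0.0.0, so a check before the first start is useful. The following is an added example, not part of the original post; the function names `yml_get` and `es_preflight` are assumptions, and the parser only handles the flat `key: value` lines this file uses.

```shell
# Added example (not from the original post): pre-start checks for the layout
# used in this guide. Prints one line per finding; returns non-zero if any.

# Read a flat "key: value" setting, the form elasticsearch.yml uses above.
yml_get() { sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1; }

es_preflight() {
    es_home=$1; svc_user=$2; yml=$es_home/config/elasticsearch.yml
    findings=0
    fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

    # Elasticsearch falls back to $ES_HOME/data and $ES_HOME/logs when unset.
    data=$(yml_get path.data "$yml"); logs=$(yml_get path.logs "$yml")

    # Data, log and PID directories must exist, belong to the service
    # account, and must not be writable by other users.
    for dir in "${data:-$es_home/data}" "${logs:-$es_home/logs}" "$es_home/run"; do
        if [ ! -d "$dir" ]; then fail "$dir does not exist"; continue; fi
        [ "$(stat -c %U "$dir")" = "$svc_user" ] || fail "$dir is not owned by $svc_user"
        mode=$(stat -c %a "$dir")
        case $mode in *[2367]) fail "$dir is world-writable ($mode)" ;; esac
    done

    # Keystores hold private keys and secrets: no permissions for "other".
    for f in "$es_home"/config/certs/*.p12 "$es_home/config/elasticsearch.keystore"; do
        [ -e "$f" ] || continue
        mode=$(stat -c %a "$f")
        case $mode in *0) ;; *) fail "$f is accessible to other users ($mode)" ;; esac
    done

    # Binding to all interfaces is only acceptable with security enabled.
    if grep -Eq '^(network|http)\.host:[[:space:]]*0\.0\.0\.0' "$yml" &&
        [ "$(yml_get xpack.security.enabled "$yml")" != true ]; then
        fail "listens on 0.0.0.0 but xpack.security.enabled is not true"
    fi
    [ "$findings" -eq 0 ]
}
```

With the paths from this guide the call is `es_preflight /app/elasticsearch swadm`.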
3-4. Starting Elasticsearch
systemctl start elasticsearch