Linux 安装部署 Elasticsearch 8.12.2
(1) root用户下进行操作,或者用sudo命令操作
- 下载安装包,解压
tar -xzf elasticsearch-8.12.2-linux-x86_64.tar.gz cd elasticsearch-8.12.2/
-
新建用户:ES为了安全考虑,不允许在root用户下启动ES程序,因此需要新建一个名为elastic的用户(可以起别的名字)
groupadd elastic useradd -g elastic elastic # 密码设置为elastic passwd elastic
-为新用户赋予文件夹权限
chown -R elastic:elastic elasticsearch-8.12.2 chmod -R 777 elasticsearch-8.12.2
-新用户添加至 sudoerslist,也可以不添加
sudo cd elasticsearch-8.12.2 visudo 添加 elastic ALL=(ALL) ALL
-配置JVM内存大小
进入config/jvm.options.d 目录,新建 jvm.options 文件, 添加以下内容
-Xms1g -Xmx1g
- 安装IK分词器(如果有中文搜索分词需求)
上传ik压缩包到 elasticsearch 目录,解压到 /plugins/ik 文件夹中cd /elasticsearch-8.12.2/plugins/ mkdir ik cd ik cp /tmp/elasticsearch-analysis-ik-8.12.2.zip . unzip elasticsearch-analysis-ik-8.12.2.zip
-
更改优化服务器配置
修改 /etc/security/limits.conf 配置文件,添加以下内容并保存。* soft nofile 65536 * hard nofile 131072 * soft nproc 2048 * hard nproc 4096
修改 /etc/sysctl.conf 配置文件,添加以下内容并保存,
vm.max_map_count=655360
用 sysctl -p命令使修改生效。
sysctl -p
调整文件打开数限制
ulimit -HSn 65535
-配置安全证书
执行以下命令(提示输入文件名时回车跳过,会使用默认文件名,提示输入密码时输入elastic或者其他字符串作为密码)# 签发ca证书 cd /elasticsearch-8.12.2/bin ./elasticsearch-certutil ca # 用ca证书签发节点证书 cd /elasticsearch-8.12.2/bin ./elasticsearch-certutil cert --ca elastic-stack-ca.p12 # 证书默认在elasticsearch-8.12.2目录生成,将证书放到certs目录(config目录下手动创建certs目录) cd /elasticsearch-8.12.2 mv elastic-certificates.p12 elastic-stack-ca.p12 config/certs
-
修改配置文件
进入config 目录,编辑 elasticsearch.yml 文件, 修改或添加以下内容# ---------------------------------- Cluster ----------------------------------- # # Use a descriptive name for your cluster: # 集群名称 cluster.name: ES # # ------------------------------------ Node ------------------------------------ # # Use a descriptive name for the node: # # 具体节点的名称 node.name: node1 # # Add custom attributes to the node: # #node.attr.rack: r1 # # ---------------------------------- Network ----------------------------------- # # By default Elasticsearch is only accessible on localhost. Set a different # address here to expose this node on the network: # # 节点IP地址(主机的IP地址) network.host: 0.0.0.0 # # By default Elasticsearch listens for HTTP traffic on the first free port it # finds starting at 9200. Set a specific HTTP port here: # http.port: 9200 # # 配置跨域 http.cors.enabled: true http.cors.allow-origin: "*" http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type # For more information, consult the network module documentation. # # --------------------------------- Discovery ---------------------------------- # # Pass an initial list of hosts to perform discovery when this node is started: # The default list of hosts is ["127.0.0.1", "[::1]"] # # # Bootstrap the cluster using an initial set of master-eligible nodes: # # # For more information, consult the discovery and cluster formation module documentation. # #----------------------- BEGIN SECURITY AUTO CONFIGURATION ----------------------- # # The following settings, TLS certificates, and keys have been automatically # generated to configure Elasticsearch security features on 12-12-2023 00:39:26 # # -------------------------------------------------------------------------------- # Enable security features xpack.security.enabled: true xpack.security.enrollment.enabled: true # Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents # 初始化密码之前需要设置为false,不然会报证书错误 xpack.security.http.ssl: enabled: true keystore.path: certs/elastic-stack-ca.p12 # Enable encryption and mutual authentication between cluster nodes xpack.security.transport.ssl: enabled: true verification_mode: certificate keystore.path: certs/elastic-certificates.p12 truststore.path: certs/elastic-certificates.p12 # Create a new cluster with the current node only # Additional nodes can still join the cluster later # 启动的时候使用一个master节点 cluster.initial_master_nodes: ["node1"] #----------------------- END SECURITY AUTO CONFIGURATION ------------------------- # Allow other nodes to join the cluster from anywhere # Connections are encrypted and mutually authenticated transport.host: 0.0.0.0 ingest.geoip.downloader.enabled: false
-再次分配文件夹权限(保证新用户权限覆盖文件夹中所有新生成的文件)
chown -R elastic:elastic elasticsearch-8.12.2 chmod -R 777 elasticsearch-8.12.2
(2) 新用户下进行
执行以下命令,提示输入密码时输入elastic,即生成安全证书时设置的密码
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password ./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password ./bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password ./bin/elasticsearch-keystore add xpack.security.http.ssl.truststore.secure_password
-启动节点
# 切换新用户 su elastic cd elasticsearch-8.12.2/bin ./elasticsearch
-启动成功后,节点启动页面会打印如下信息,分别是系统为 elastic 用户生成的密码,CA证书指纹,用于连接 kibana 的 token , 用于给集群添加新节点的 token。建议保存下来,两个 token 有 30min 有效时间,可以不保存,需要时再用下面的命令重新生成
✅ Elasticsearch security features have been automatically configured! ✅ Authentication is enabled and cluster connections are encrypted. ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`): *_LNlFhqK5ULjbCyEYee ℹ️ HTTP CA certificate SHA-256 fingerprint: 6aea402bdf44d4f64d77b9c01ac87904264c07943a4087af0492e84247f9ab86 ℹ️ Configure Kibana to use this cluster: • Run Kibana and click the configuration link in the terminal when Kibana starts. • Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes): eyJ2ZXIiOiI4LjUuMCIsImFkciI6WyIxMC40MC4wLjA6OTIwMCJdLCJmZ3IiOiI2YWVhNDAyYmRmNDRkNGY2NGQ3N2I5YzAxYWM4NzkwNDI2NGMwNzk0M2E0MDg3YWYwNDkyZTg0MjQ3ZjlhYjg2Iiwia2V5IjoiOE5RU1hJd0JkcGJWLTFXV3ZKdVY6VkRPYTJIOWdTNjIxdGVWbkFjTFRDQSJ9 ℹ️ Configure other nodes to join this cluster: • Copy the following enrollment token and start new Elasticsearch nodes with `bin/elasticsearch --enrollment-token <token>` (valid for the next 30 minutes): eyJ2ZXIiOiI4LjUuMCIsImFkciI6WyIxMC40MC4wLjA6OTIwMCJdLCJmZ3IiOiI2YWVhNDAyYmRmNDRkNGY2NGQ3N2I5YzAxYWM4NzkwNDI2NGMwNzk0M2E0MDg3YWYwNDkyZTg0MjQ3ZjlhYjg2Iiwia2V5IjoiOHRRU1hJd0JkcGJWLTFXV3ZKdXU6SXJObjMtVUxSanlSek4wdzRPOGtoUSJ9
生成kibana连接token的命令
./bin/elasticsearch-create-enrollment-token -f --scope kibana -E xpack.security.http.ssl.verification_mode=certificate
生成用于添加新节点的token的命令
./bin/elasticsearch-create-enrollment-token -f --scope node -E xpack.security.http.ssl.verification_mode=certificate
-关闭节点
# 如果没有以守护进程的方式启动,直接ctrl+c就可以关闭程序 # 如果以守护进程的方式启动则需要查询进程PID再杀死进程关闭程序 ps -ef | grep elasticsearch kill -9 <进程PID>
-配置服务
su root cd /etc/init.d ###配置服务脚本的目录 vim elastic ###写入如下内容
#!/bin/bash ES_HOME=/usr/local/elasticsearch-8.12.2 EXEC=${ES_HOME}/bin/elasticsearch PIDFILE=${ES_HOME}/elastic.pid LOG_DIR=${ES_HOME}/logs LOG_FILE=${LOG_DIR}/elastic.log # 创建日志目录 mkdir -p $LOG_DIR start_elastic() { if [ -f $PIDFILE ]; then echo "Elasticsearch is already running with PID $(cat $PIDFILE)." else echo "Starting Elasticsearch..." su - elastic -c "nohup $EXEC >> $LOG_FILE 2>&1 & echo \$! > $PIDFILE" echo "Elasticsearch started with PID $(cat $PIDFILE)." fi } stop_elastic() { if [ -f $PIDFILE ]; then PID=$(cat $PIDFILE) echo "Stopping Elasticsearch with PID $PID..." kill $PID # 等待Elasticsearch进程结束 sleep 10 # 检查进程是否仍在运行 if pgrep -F $PIDFILE > /dev/null; then echo "Elasticsearch could not be stopped gracefully, killing forcefully..." pkill -F $PIDFILE fi # 删除PID文件 rm $PIDFILE echo "Elasticsearch stopped." else echo "Elasticsearch is not running." fi } case "$1" in start) start_elastic ;; stop) stop_elastic ;; restart|force-reload) stop_elastic sleep 3 start_elastic ;; *) echo "Usage: $0 {start|stop|restart|force-reload}" >&2 exit 1 ;; esac exit 0
-启动
# 启动服务
service elastic start
# 停止服务
service elastic stop
# 重启服务
service elastic restart
进入 https://xxx.xx.xx.xxx:9200/ 查看节点是否启动成功
1. 本站所有资源来源于用户上传和网络,如有侵权请及时联系删除,本站不承担任何法律责任!
2. 分享目的仅供大家学习和研究,您必须在下载后24小时内删除!
3. 不得使用于非法商业用途,不得违反国家法律。否则后果自负!
4. 本站提供的教程、源码等等其他资源,都不包含技术服务请大家谅解!
5. 如有链接无法下载、失效或广告,请联系管理员处理!
6. 本站资源售价只是赞助,收取费用仅维持本站的日常运营所需!
7. 如遇到加密压缩包,默认解压密码为"www.94zyw.com",如遇到无法解压的请联系管理员!
94资源网 » Linux 安装部署 Elasticsearch 8.12.2
2. 分享目的仅供大家学习和研究,您必须在下载后24小时内删除!
3. 不得使用于非法商业用途,不得违反国家法律。否则后果自负!
4. 本站提供的教程、源码等等其他资源,都不包含技术服务请大家谅解!
5. 如有链接无法下载、失效或广告,请联系管理员处理!
6. 本站资源售价只是赞助,收取费用仅维持本站的日常运营所需!
7. 如遇到加密压缩包,默认解压密码为"www.94zyw.com",如遇到无法解压的请联系管理员!
94资源网 » Linux 安装部署 Elasticsearch 8.12.2