Linux安装ElastSearch
Linux安装ES
准备好Linux系统,软件安装前需要对当前系统做一些优化配置
系统配置修改
一、内存优化
在
/etc/sysctl.conf
添加如下内容:
- fs.file-max=655360 系统最大打开文件描述符数
- vm.max_map_count=655360 限制一个进程拥有虚拟内存区域的大小
sysctl -p
生效
[root@localhost /] vi /etc/sysctl.conf [root@localhost /] cat /etc/sysctl.conf fs.file-max=655360 vm.max_map_count=655360 [root@localhost /] sysctl -p fs.file-max = 655360 vm.max_map_count = 655360
二、修改最大文件打开数量
修改
/etc/security/limits.conf
文件
(nofile)最大开打开文件描述符
(nproc)最大用户进程数
(memlock)最大锁定内存地址空间
[root@localhost /] vi /etc/security/limits.conf * soft nofile 65536 * hard nofile 65536 * soft nproc 65536 * hard nproc 65536 * soft memlock unlimited * hard memlock unlimited
三、进程数限制
修改
/etc/security/limits.d/90-nproc.conf
将1024修改为65536
重新登陆
ulimit -a
查看是否生效系统差异有的可能是
20-nproc.conf
[root@localhost /] vi /etc/security/limits.d/90-nproc.conf * soft nproc 65536 root soft nproc unlimited [root@localhost ~] ulimit -u 65536
完成以上配置需要重启服务器
reboot
ElasticSearch安装
⚠️ 自行下载相应版本安装包安 https://www.elastic.co/cn/downloads/past-releases#elasticsearch ,装
ES
之前确保已经安装了jdk
环境。启动ES服务时,不能使用root账号启动,切换创建的用户
一、上传解压重命名
将ES压缩包上传到
/home/
下
[root@localhost home] cd /home/ [root@localhost home] pwd /home [root@localhost home] ll 总用量 338228 -rw-r--r--. 1 root root 346342976 3月 15 14:47 elasticsearch-7.15.0-linux-aarch64.tar.gz
解压压缩包
[root@localhost home] tar -zxf elasticsearch-7.15.0-linux-aarch64.tar.gz [root@localhost home]# ll 总用量 338228 drwxr-xr-x. 9 root root 155 9月 16 11:07 elasticsearch-7.15.0 -rw-r--r--. 1 root root 346342976 3月 15 14:47 elasticsearch-7.15.0-linux-aarch64.tar.gz
重命名文件夹
[root@localhost home] mv elasticsearch-7.15.0 elasticsearch
创建快照路径
[root@localhost home] mkdir -p /home/elasticsearch/snapshot/
二、创建用户并授权
> 创建`es_user` 组 创建 `es_user`用户 设置用户密码 ```shell [root@localhost home] groupadd es_user [root@localhost home] useradd es_user -g es_user [root@localhost home] passwd es_user 更改用户 es_user 的密码 。 新的 密码: 无效的密码: 密码少于 8 个字符 重新输入新的 密码: passwd:所有的身份验证令牌已经成功更新。 ``` > 将文件`elasticsearch `的拥有者设为 `es_user` ```shell [es_user@localhost home] chown -R es_user:es_user elasticsearch [es_user@localhost home] ll 总用量 338228 drwxr-xr-x. 9 es_user es_user 155 9月 16 11:07 elasticsearch -rw-r--r--. 1 root root 346342976 3月 15 14:47 elasticsearch-7.15.0-linux-aarch64.tar.gz drwx------. 2 es_user es_user 62 3月 15 15:18 es_user ```
三、修改配置文件
切换当前用户
[es_user@localhost home] su es_user
修改配置文件
vi /home/elasticsearch/config/elasticsearch.yml
# 集群名称,同一个集群其他节点名称要和主节点相同 cluster.name: my-application # 节点名称唯一,每一个节点都需不同 node.name: node-1 # 快照备份路径 path.repo: /home/elasticsearch/snapshot/ # 数据存放路径,默认 es 根目录下 可选 #path.data: /path/to/data # 日志存放路径,默认 es 根目录下 可选 #path.logs: /path/to/logs # true主节点 子节点 false node.master: true # 绑定 IP 当前主机IP 或 0.0.0.0 network.host: 0.0.0.0 # 端口 http.port: 9200 # 集群发现,集群需要配置 #discovery.seed_hosts: ["127.0.0.1"] # 各个节点列表,集群需要配置 cluster.initial_master_nodes: ["node-1"] # 开启系统监控日志收集 xpack.monitoring.collection.enabled: true # 数据保留时间默认 7天 xpack.monitoring.history.duration: 7d xpack.ml.enabled: false
四、启动ES服务
ES根目录下的
bin
目录启动es
[es_user@localhost home] cd elasticsearch/bin/
启动ES,进入ES
./bin
目录下执行; -d 后台运行
[es_user@localhost bin] ./elasticsearch -d
验证是否启动成功,输出以下信息证明启动成功
[root@localhost ~] curl http://127.0.0.1:9200 { "name" : "node-1", "cluster_name" : "my6666", "cluster_uuid" : "_na_", "version" : { "number" : "7.15.0", "build_flavor" : "default", "build_type" : "tar", "build_hash" : "79d65f6e357953a5b3cbcc5e2c7c21073d89aa29", "build_date" : "2021-09-16T03:05:29.143308416Z", "build_snapshot" : false, "lucene_version" : "8.9.0", "minimum_wire_compatibility_version" : "6.8.0", "minimum_index_compatibility_version" : "6.0.0-beta1" }, "tagline" : "You Know, for Search" }
ES开启SSL加密传输
在开启SSL认证之前,请确认您的ES服务器可以成功启动,以及相关环境配置都没有问题,使用
es_user
用户进行操作
生成证书
进入ES安装路径下,
pwd
查看当前路径,请勿使用root账号操作,切换至普通用户或es用户
[root@localhost elasticsearch] pwd /home/elasticsearch
生成ca授权证书
[es_user@localhost elasticsearch]$ ./bin/elasticsearch-certutil ca Please enter the desired output file [elastic-stack-ca.p12]: 回车即可 Enter password for elastic-stack-ca.p12 : 回车即可
查看当前目录会生成一个
elastic-stack-ca.p12
证书文件
[es_user@localhost elasticsearch]$ ls bin config elastic-stack-ca.p12 lib LICENSE.txt logs modules NOTICE.txt plugins README.asciidoc
基于证书生成秘钥证书
[es_user@localhost elasticsearch]$ ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 Enter password for CA (elastic-stack-ca.p12) : 回车即可 Please enter the desired output file [elastic-certificates.p12]: 回车即可 Enter password for elastic-certificates.p12 :回车即可
查看当前目录会生成一个
elastic-certificates.p12
证书
[es_user@localhost elasticsearch]$ ls bin config elastic-certificates.p12 elastic-stack-ca.p12 lib LICENSE.txt logs modules NOTICE.txt plugins README.asciidoc
根据证书文件导出一份CA公钥文件,用于后续各应用配置文件(filebeat,logstash)中引用CA公钥时使用:
[es_user@localhost elasticsearch]$ openssl pkcs12 -clcerts -nokeys -in elastic-stack-ca.p12 -out ca.pem
在当前目录的
config
目录下创建一个certs
目录用于存放证书文件
[es_user@localhost elasticsearch]$ mkdir -p config/certs
拷贝当前证书文件
elastic-certificates.p12
到config/certs
并查看是否拷贝成功
[es_user@localhost elasticsearch]$ cp elastic-certificates.p12 config/certs/ [es_user@localhost elasticsearch]$ ls config/certs/ elastic-certificates.p12
添加SSL证书
添加证书时需要先停止ES服务
通过以下命令查看ES是否启动,如果启动使
kill -9 进程pid
结束进程,如下所示当前ES并未启动
[es_user@localhost elasticsearch]$ ps -ef|grep elasticsearch es_user 9616 116449 0 14:44 pts/2 00:00:00 grep --color=auto elasticsearch
编辑
config/elasticsearch.yml
配置文件
[es_user@localhost elasticsearch]$ vi config/elasticsearch.yml
在配置文件底部增加以下内容
# 开启安全验证 xpack.security.enabled: true # 设置密码时改配置为false,设置成功将此配置设置为true,并且重启服务 xpack.security.http.ssl.enabled: false xpack.security.http.ssl.keystore.path: /home/elasticsearch/config/certs/elastic-certificates.p12 xpack.security.http.ssl.truststore.path: /home/elasticsearch/config/certs/elastic-certificates.p12 xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: /home/elasticsearch/config/certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
启动ES服务
./bin/elasticsearch
前台启动,窗口关闭服务停止,./bin/elasticsearch -d
后台启动
[es_user@localhost elasticsearch]$ ./bin/elasticsearch
生成账号密码
执行以下命令系统自动生成不同角色账号,在执行命令时需要等待ES完全启动成功,
elastic
账号类似root账号有系统最高权限。将该账号信息配置到Javaapplication-xxx.yaml
配置中,生成成功后妥善保管所有账号密码
[es_user@localhost elasticsearch]$ ./bin/elasticsearch-setup-passwords auto warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME Future versions of Elasticsearch will require Java 11; your Java version from [/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.x86_64/jre] does not meet this requirement. Consider switching to a distribution of Elasticsearch with a bundled JDK. If you are already using a distribution with a bundled JDK, ensure the JAVA_HOME environment variable is not set. Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user. The passwords will be randomly generated and printed to the console. Please confirm that you would like to continue [y/N]y Changed password for user apm_system PASSWORD apm_system = Gy2A1L9QPNArAEFdgLSq Changed password for user kibana_system PASSWORD kibana_system = bvkPOKij4H0peAtGICjY Changed password for user kibana PASSWORD kibana = bvkPOKij4H0peAtGICjY Changed password for user logstash_system PASSWORD logstash_system = Cw8pWQpqQWF0pvHfmZqo Changed password for user beats_system PASSWORD beats_system = qIqZTl8jNDuys39zUxOF Changed password for user remote_monitoring_user PASSWORD remote_monitoring_user = BMg3JiXs4PauCnTNGdYW Changed password for user elastic PASSWORD elastic = j80MPels5jfrf9E7PM89
重启ES服务
重启之前,先停掉ES服务,修改配置文件,开启SSL认证
到此ES SSL加密结束
[es_user@localhost elasticsearch]$ vi config/elasticsearch.yml xpack.security.http.ssl.enabled: true [es_user@localhost elasticsearch]$ ./bin/elasticsearch
完整配置文件示例
# 集群名称 cluster.name: big_data # 节点名称 node.name: node-1 # 主节点 node.master: true # 绑定IP地址 network.host: 192.168.0.114 # 端口 http.port: 9200 # 集群发现 discovery.seed_hosts: ["192.168.0.114"] # 集群主节点 cluster.initial_master_nodes: ["node-1"] # 快照备份路径 path.repo: /home/elasticsearch/snapshot/ # 开启系统监控日志收集 xpack.monitoring.collection.enabled: true # 数据保留时间默认 7天 xpack.monitoring.history.duration: 7d # 关闭ES机器学习 xpack.ml.enabled: false # 开启系统安全 xpack.security.enabled: true xpack.security.http.ssl.enabled: true xpack.security.http.ssl.keystore.path: /home/elasticsearch/config/certs/elastic-certificates.p12 xpack.security.http.ssl.truststore.path: /home/elasticsearch/config/certs/elastic-certificates.p12 xpack.security.http.ssl.client_authentication: "optional" xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: /home/elasticsearch/config/certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 一个费力不讨好的项目,让我损失了近一半的绩效!
· 清华大学推出第四讲使用 DeepSeek + DeepResearch 让科研像聊天一样简单!
· 实操Deepseek接入个人知识库
· CSnakes vs Python.NET:高效嵌入与灵活互通的跨语言方案对比
· Plotly.NET 一个为 .NET 打造的强大开源交互式图表库