目前时间是:2017-01-24

本文不涉及activemq的安装

需求

activemq实时传递数据至服务 elasticsearch做索引 对外开放查询接口 完成全文检索

环境

jdk:1.8

spirng boot:1.4.3.RELEASE

elasticsearch:2.4.3

activemq:5.13.2

ES插件

head:版本好像无太大差别 能查数据就行

analysis-ik:1.10.3

search-guard-2:2.4.3.9

search-guard-ssl:2.4.3.19

注意

作者遇到的最大问题就是版本兼容 网上资料少且版本较低 故列出以下版本矩阵 方便查阅

spring boot与elasticsearch:

Spring Boot Version (x) Spring Data Elasticsearch Version (y) Elasticsearch Version (z)
x <= 1.3.5 y <= 1.3.4 z <= 1.7.2*
x >= 1.4.x 2.0.0 <=y < 5.0.0** 2.0.0 <= z < 5.0.0**

 

 

 

矩阵来源以及更多版本兼容:https://github.com/spring-projects/spring-data-elasticsearch

elasticsearch与ik:我的ES版本为2.x 对应如下

IK versionES version
master 2.4.0 -> master
1.10.3 2.4.3
1.9.5 2.3.5
1.9.4 2.3.4
1.9.3 2.3.3
1.9.0 2.3.0
1.8.1 2.2.1
1.7.0 2.1.1
1.5.0 2.0.0
1.2.6 1.0.0
1.2.5 0.90.x
1.1.3 0.20.x
1.0.0 0.16.2 -> 0.19.0

 

 

 

 

 

 

 

 

 

 

 

 

 

矩阵来源以及更多版本兼容:https://github.com/medcl/elasticsearch-analysis-ik

elasticsearch与search-guard以及search-guard-ssl:

Elasticsearch VersionLatest Search Guard VersionSearch Guard SSL VersionCommercial support available
1.x.y not available - -
2.0.x not available - -
2.1.x not available - -
2.2.0 2.2.0.7 2.2.0.16 Yes
2.3.1 available upon request - -
2.3.2 available upon request - -
2.3.3 2.3.3.10 2.3.3.19 YES
2.3.4 2.3.4.10 2.3.4.19 YES
2.3.5 2.3.5.10 2.3.5.19 YES
2.4.0 2.4.0.10 2.4.0.19 YES
2.4.1 2.4.1.10 2.4.1.19 YES
2.4.2 2.4.2.10 2.4.2.19 YES
2.4.3 2.4.3.10 2.4.3.19 YES
2.4.4 2.4.4.10 2.4.4.19 YES
5.0.0 5.0.0-10 (comes bundled since SG 5) YES
5.0.1 5.0.1-10 (comes bundled since SG 5) YES
5.0.2 5.0.2-10 (comes bundled since SG 5) YES
5.1.1 5.1.1-10 (comes bundled since SG 5) YES
5.1.2 5.1.2-10 (comes bundled since SG 5) YES

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

矩阵来源以及更多版本兼容:https://github.com/floragunncom/search-guard/wiki

开始

安装elasticsearch

我的安装目录:/usr/local

注意:elasticsearch不能用root用户运行 所以创建你的用户组和用户 切换到新用户再安装 如何创建切换 请自行搜索

wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.4.3/elasticsearch-2.4.3.tar.gz

tar -zxvf elasticsearch-2.4.3.tar.gz 

cd elasticsearch-2.4.3/config/

vim elasticsearch.yml 

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please see the documentation for further information on configuration options:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration.html>
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
  cluster.name: 你的集群名称
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
# node.name: node-1
#
# Add custom attributes to the node:
#
# node.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
# path.data: /path/to/data
#
# Path to log files:
#
# path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
# bootstrap.memory_lock: true
#
# Make sure that the `ES_HEAP_SIZE` environment variable is set to about half the memory
# available on the system and that the owner of the process is allowed to use this limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
  network.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
# http.port: 9200
#
# For more information, see the documentation at:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html>
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
# discovery.zen.ping.unicast.hosts: ["host1", "host2"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1):
#
# discovery.zen.minimum_master_nodes: 3
#
# For more information, see the documentation at:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-discovery.html>
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
# gateway.recover_after_nodes: 3
#
# For more information, see the documentation at:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-gateway.html>
#
# ---------------------------------- Various -----------------------------------
#
# Disable starting multiple nodes on a single system:
#
# node.max_local_storage_nodes: 1
#
# Require explicit names when deleting indices:
#
# action.destructive_requires_name: true

我修改了两个地方 cluster.name和network.host

cd ../bin/

./elasticsearch

[2017-01-24 10:02:49,627][INFO ][node                     ] [Ariel] version[2.4.3], pid[23274], build[d38a34e/2016-12-07T16:28:56Z]
[2017-01-24 10:02:49,628][INFO ][node                     ] [Ariel] initializing ...
[2017-01-24 10:02:50,259][INFO ][plugins                  ] [Ariel] modules [reindex, lang-expression, lang-groovy], plugins [], sites []
[2017-01-24 10:02:50,279][INFO ][env                      ] [Ariel] using [1] data paths, mounts [[/ (overlay)]], net usable_space [75.3gb], net total_space [113.9gb], spins? [possibly], types [overlay]
[2017-01-24 10:02:50,279][INFO ][env                      ] [Ariel] heap size [990.7mb], compressed ordinary object pointers [true]
[2017-01-24 10:02:52,051][INFO ][node                     ] [Ariel] initialized
[2017-01-24 10:02:52,051][INFO ][node                     ] [Ariel] starting ...
[2017-01-24 10:02:52,110][INFO ][transport                ] [Ariel] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300}
[2017-01-24 10:02:52,116][INFO ][discovery                ] [Ariel] elasticsearch/MI21JVBWSbKfj9nC1V6N9w
[2017-01-24 10:02:55,166][INFO ][cluster.service          ] [Ariel] new_master {Ariel}{MI21JVBWSbKfj9nC1V6N9w}{127.0.0.1}{127.0.0.1:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)
[2017-01-24 10:02:55,197][INFO ][http                     ] [Ariel] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200}
[2017-01-24 10:02:55,197][INFO ][node                     ] [Ariel] started

出现类似这样的信息 说明安装成功

安装head插件

elasticsearch根目录执行

bin/plugin install mobz/elasticsearch-head

注意:2.0以下版本应该是 -install

访问地址:http://ip:9200/_plugin/head/

安装analysis-ik插件

下载地址:https://github.com/medcl/elasticsearch-analysis-ik/tree/v1.10.3

使用maven打包:mvn clean package

生成的zip包在target/releases下

在elasticsearch-2.4.3/plugins下创建ik目录

将zip包放到该目录下并解压 解压出如下文件

 编辑elasticsearch-2.4.3/config/elasticsearch.yml配置文件 添加如下内容

index:  
      analysis:                     
        analyzer:        
          ik:  
              alias: [ik_analyzer]  
              type: org.elasticsearch.index.analysis.IkAnalyzerProvider  
          ik_max_word:  
              type: ik  
              use_smart: false  
          ik_smart:  
              type: ik  
              use_smart: true

或者

index.analysis.analyzer.ik.type : “ik”

测试:http://ip:9200/_analyze?analyzer=ik&pretty=true&text=我是中国人

安装searchguard

elasticsearch根目录执行

bin/plugin install -b com.floragunn/search-guard-2/2.4.3.9

bin/plugin install -b com.floragunn/search-guard-ssl/2.4.3.19

下载 searchguard-ssl 的包,里面包含自动创建证书的脚本:

wget https://github.com/floragunncom/search-guard-ssl/archive/v2.4.3.19.zip

unzip v2.4.3.19.zip 

cd search-guard-ssl-2.4.3.19/example-pki-scripts/

有三个脚本

gen_client_node_cert.sh 创建客户端证书
gen_node_cert.sh        创建节点证书
gen_root_ca.sh          创建根证书

编辑脚本 vim example.sh

#!/bin/bash
set -e
./clean.sh
./gen_root_ca.sh password password 
./gen_node_cert.sh 0 password  password 
./gen_node_cert.sh 1 password  password 
./gen_client_node_cert.sh admin password password 
cp truststore.jks node-0-keystore.jks /usr/local/elasticsearch-2.4.3/config/
cp truststore.jks admin-keystore.jks /usr/local/elasticsearch-2.4.3/plugins/search-guard-2/sgconfig/

./example.sh 

可以发现 最后两句就是将证书cp到相应目录

编辑elasticsearch-2.4.3/config/elasticsearch.yml配置文件 添加如下内容

#############################################################################################
#                                     SEARCH GUARD                                          #
#                                     Configuration                                         #
#############################################################################################
  security.manager.enabled: false
  searchguard.authcz.admin_dn:
   - "CN=admin, OU=client, O=client, L=Test, C=DE"

#############################################################################################
#                                     SEARCH GUARD SSL                                      #
#                                       Configuration                                       #
#############################################################################################


#############################################################################################
# Transport layer SSL                                                                       #
#                                                                                           #
#############################################################################################
# Enable or disable node-to-node ssl encryption (default: true)
# searchguard.ssl.transport.enabled: true
# JKS or PKCS12 (default: JKS)
#searchguard.ssl.transport.keystore_type: PKCS12
# Relative path to the keystore file (mandatory, this stores the server certificates), must be placed under the config/ dir
  searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
# Alias name (default: first alias which could be found)
#searchguard.ssl.transport.keystore_alias: my_alias
# Keystore password (default: changeit)
  searchguard.ssl.transport.keystore_password: password
# JKS or PKCS12 (default: JKS)
#searchguard.ssl.transport.truststore_type: PKCS12
# Relative path to the truststore file (mandatory, this stores the client/root certificates), must be placed under the config/ dir
  searchguard.ssl.transport.truststore_filepath: truststore.jks
# Alias name (default: first alias which could be found)
#searchguard.ssl.transport.truststore_alias: my_alias
# Truststore password (default: changeit)
  searchguard.ssl.transport.truststore_password: password
# Enforce hostname verification (default: true)
# searchguard.ssl.transport.enforce_hostname_verification: true
# If hostname verification specify if hostname should be resolved (default: true)
# searchguard.ssl.transport.resolve_hostname: true
# Use native Open SSL instead of JDK SSL if available (default: true)
# searchguard.ssl.transport.enable_openssl_if_available: false

在elasticsearch根目录 执行命令 将配置插入

./plugins/search-guard-2/tools/sgadmin.sh -cn 集群名称 -h hostname -cd plugins/search-guard-2/sgconfig -ks plugins/search-guard-2/sgconfig/admin-keystore.jks -kspass password -ts plugins/search-guard-2/sgconfig/truststore.jks -tspass password -nhnv

注意:elasticsearch的服务必须是运行状态

elasticsearch-2.4.3/plugins/search-guard-2/sgconfig下的配置文件是管理用户角色的

安装配置成功后 任何客户端访问elasticsearch 需提供用户名及密码

至此服务端安装结束

客户端将以源码方式提供 为公司信息安全着想 仅提供关键性代码供参考 无法运行

elasticsearch download

posted on 2017-01-25 15:56  攒钱  阅读(2039)  评论(0编辑  收藏  举报