elasticsearch linux 上安装

以下对应版本 8.11.3

1、下载安装包,放到服务器指定目录下:

 2、解压,到指定文件夹 命令 tar  -xzf  elasticsearch-8.11.3-linux-x86_64.tar.gz

3、创建用户并授权:

sudo useradd es

sudo passwd es

用户授权指定目录权限: chown -R es:es /opt/module/es-7.8.0

 给新创建的普通用户设置sudo权限  vim /etc/sudoers

在root ALL(ALL) ALL下面新增
es ALL=(ALL) ALL

或:

# 使用root用户执行
visudo
# 在 root ALL(ALL) ALL下面新增
es ALL=(ALL) ALL

 4、  前置准备

每个进程可以打开的文件数的限制    vim /etc/security/limits.conf  末尾新增:

es soft nofile 65536

es hard nofile 65536

每个进程可以打开的文件数的限制;操作系统级别对每个用户创建的进程数的限制

vim /etc/security/limits.d/20-nproc.conf

es soft nofile 65536

es hard nofile 65536

* hard nproc 4096     注:* 带表 Linux 所有用户名称

sudo vim /etc/sysctl.conf

一个进程可以拥有的 VMA(虚拟内存区域)的数量,默认值为 65536

vm.max_map_count=655360

保存后执以下命令使配置生效  

sudo sysctl -p

5、修改JVM配置 根据实际情况修改-修改 elasticsearch.yml  配置参数  

##

-Xms1g -

Xmx1g

##

主要修改以下参数值

复制代码
cluster.name: my-application

node.name: node-1

path.data: ./data

path.logs: ./logs

network.host: 0.0.0.0

http.port: 9200

cluster.initial_master_nodes: ["node-1"]
复制代码

Note:cluster.initial_master_nodes必须配置(即使名字跟默认的一样,也要放开注释),否则启动失败,失败日志「elasticsearch.log」说如下:

 

复制代码

# Enable security features
xpack.security.enabled: false

xpack.security.enrollment.enabled: false


# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents xpack.security.http.ssl: enabled: false keystore.path: certs/http.p12 # Enable encryption and mutual authentication between cluster nodes xpack.security.transport.ssl: enabled: false verification_mode: certificate keystore.path: certs/transport.p12 truststore.path: certs/transport.p12
复制代码

 https配置为 false

新版本下,不配置ssl可能不能添加密码,相关配置如下:

1)通过如下命令创建CA

./bin/elasticsearch-certutil ca 

2)颁发证书

./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 

执行成功后后在节点路径中会增加 elastic-certificates.p12 和 elastic-stack-ca.p12 文件,

3)将这两个文件移动到 config 目录中

4)配置文件中:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.keystore.password: 123qwe
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.password: 123qwe

6、启动es--在es用户下面执行

bin/elasticsearch -d

jps

ps -ef | grep es

 

命令行验证:

curl 127.0.0.1:9200

带密码:

curl -u elastic:"password"  127.0.0.1:19210

 

 

7、重启: 

ps -ef|gerp elastic 

kill -9  xxxx

 

8、重启脚本

复制代码
#!/bin/bash
#chkconfig: 2345 54 26
#description: elasticsearch
#processname: elasticsearch

ES_HOME=/var/local/elasticsearch

start(){                           
        su - es -c "$ES_HOME/bin/elasticsearch -d -p pid"
        echo "es is started"
}
stop(){                                
        pid=`cat $ES_HOME/pid`
        kill -9 $pid
        echo "es is stopped"
}
status(){
        ps aux | grep $ES_HOME
}
restart(){              
        stop
        sleep 1
        start
}
case "$1" in        
"start")
        start      
        ;;
"stop")            
        stop
        ;;
"status")
        status
        ;;
"restart")            
        restart
        ;;
*)      
        echo "支持指令:$0 start|stop|restart|status"
        ;;
esac
复制代码

/etc/init.d目录下创建启动、关闭服务的脚本,脚本中要设置运行级别、启动优先级、关闭优先级

chmod +x /etc/init.d/xxx

 # 添加开机自启 chkconfig --add xxx

# 状态设置为启动 chkconfig xxx on

service elastic status

service elastic start

service elastics stop

 

 

9、添加密码:

修改配置文件: xpack.security.enabled: true   重启生效

 

 

执行命令:

./bin/elasticsearch-setup-passwords interactive

报错处理

复制代码
当elasticsearch 设置用户名密码认证:

[elk@goya config]$ elasticsearch-setup-passwords interactive

Failed to authenticate user 'elastic' against https://192.168.88.3:9200/_security/_authenticate?pretty
Possible causes include:
 * The password for the 'elastic' user has already been changed on this cluster
 * Your elasticsearch node is running against a different keystore
   This tool used the keystore at /usr/local/elasticsearch/config/elasticsearch.keystore

You can use the `elasticsearch-reset-password` CLI tool to reset the password of the 'elastic' user
ERROR: Failed to verify bootstrap password

[elk@goya config]$ elasticsearch-reset-password -u elastic
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y


Password for the [elastic] user successfully reset.
New value: Kzp6I0Jvo8cS9EBRWe24(系统自动生成的密码)

说明:如果想设置自己想用的密码需要加参数-i

[root@goya1 certs]# elasticsearch-reset-password -u elastic -i
warning: ignoring JAVA_HOME=/app/elasticsearch/jdk; using bundled JDK
This tool will reset the password of the [elastic] user.
You will be prompted to enter the password.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]: 
Re-enter password for [elastic]: 
Password for the [elastic] user successfully reset.
复制代码

 

 

10、用户设置

下面对于用户设置

1. 内置用户

执行下面对应命令,重置密码(自动生成)

bin/elasticsearch-reset-password --batch --user elastic
bin/elasticsearch-reset-password --batch --user logstash_system 
bin/elasticsearch-reset-password --batch --user kibana_system

若是需要自己指定密码

利用重置的密码,去修改为自己需要的密码,注意,url里对应的用户, password 为

curl -XPUT -u elastic(用户):"otpKRXJZqe9Dzs5iXTjO"(密码) 'http://localhost:9200/_security/user/elastic(对应用户)/_password' -H "Content-Type: application/json" -d '{ "password": "1234qwer."(需要修改的密码)}'
2. 自己添加用户

创建 kibana_system用户

bin/elasticsearch-users useradd zhyqin (添加用户)

赋角色权限: 这一步要执行,不然无法访问
bin/elasticsearch-users roles -a superuser zhyqin ( 超级管理员角色)
bin/elasticsearch-users roles -a kibana_system zhyqin (kibana的用户角色 )

创建 logstash用户
bin/elasticsearch-users useradd logstash_zhyqin
bin/elasticsearch-users roles -a superuser logstash_zhyqin
bin/elasticsearch-users roles -a logstash_system logstash_zhyqin

自己创建用户密码修改

bin/elasticsearch-users passwd logstash_system

3. 测试是否能访问

es容器内测时

curl -u logstash_zhyqin:"1234qwer." 'http://localhost:9200/'

其他容器测试访问es
curl -u zhyqin:"1234qwer." 'http://elasticsearch:9200'

 

 

参考博客:https://blog.csdn.net/m0_52735414/article/details/128847505

参考链接:https://blog.csdn.net/shinexunmeng/article/details/132179443 

 

 

posted @   leolzi  阅读(1799)  评论(0编辑  收藏  举报
相关博文:
阅读排行:
· 【.NET】调用本地 Deepseek 模型
· CSnakes vs Python.NET:高效嵌入与灵活互通的跨语言方案对比
· DeepSeek “源神”启动!「GitHub 热点速览」
· 我与微信审核的“相爱相杀”看个人小程序副业
· Plotly.NET 一个为 .NET 打造的强大开源交互式图表库
历史上的今天:
2023-01-10 JVM 调整和优化
点击右上角即可分享
微信分享提示