ElasticSearch 运维

RPM安装：https://www.elastic.co/guide/en/elasticsearch/reference/8.7/rpm.html

检查：curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200

HOME: /usr/share/elasticsearch

配置：/etc/elasticsearch

日志：/var/log/elasticsearch/

数据：/var/lib/elasticsearch

配置2：/etc/sysconfig/elasticsearch

 

prod   app2

--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : XVZNenXhlsFWJh6TtH_X

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
[/usr/lib/tmpfiles.d/elasticsearch.conf:1] Line references path below legacy directory /var/run/, updating /var/run/elasticsearch → /run/elasticsearch; please update the tmpfiles.d/ drop-in file accordingly.

 

Kibana

./elasticsearch-reset-password -u kibana_system --auto

 

kibana.yml

   elasticsearch.username: "kibana_system"

   elasticsearch.password: "m_*De+pU_+oPQEeM6q=K"

   elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/http_ca.crt" ]    ←  from /etc/elasticsearch/certs/http_ca.crt

 

=========================

https://hakanmazi123.medium.com/online-installation-elasticsearch-and-kibana-to-ubuntu-97ca71d869e2  OKK

Online Installation Elasticsearch and Kibana to Ubuntu

 

Hi everyone, In this article I will share Elasticsearch-8.* and Kibana-8.* installation step by step on the same Ubuntu20.04 operating system.

I allready have Ubuntu20.04 operating system on my vmware tool. I assume you are allready have one Ubuntu operating system too or other linux operating systems(some codes are different).

Online Installation for Elasticsearch-8.*

Download and install the public signing key. Use the wget command to pull the public signing key:

elastic3@e3:~$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

You may need to install the apt-transport-https package on Debian before proceeding:

elastic3@e3:~$ sudo apt-get install apt-transport-https

Save the repository definition to /etc/apt/sources.list.d/elastic-8.x.list:

elastic3@e3:~$ echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

Update the ubuntu packages Then, run the elasticsearch installation. After installation you will see the password for elastic superuser on the terminal. Keep save that password.

elastic3@e3:~$ sudo apt update && sudo apt install elasticsearch
-- Security autoconfiguration information --

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : iu9kkDA9sdfasdfasMckG*

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with
 '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service

After elasticsearch installation. http_ca.crt and http.p12 and transport.p12 files will be create automatically under /etc/elasticsearch/certs directory.

Now let’s configure the elasticsearch.yml file under the /etc/elasticsearch/ directory. My ip is 192.168.41.146 so setthe network.host with this ip(you should set your ip).

elastic3@e3:~$ sudo nano /etc/elasticsearch/elasticsearch.yml# Use a descriptive name for your cluster:
cluster.name: elasticsearch
# Use a descriptive name for the node:
node.name: elastic3# By default Elasticsearch is only accessible on localhost. Set a different. address here to expose this node on the network:
network.host: 192.168.41.146

# finds starting at 9200. Set a specific HTTP port here:
http.port: 9200path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, 
# and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["elastic3"]# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

After configuration elasticsearch.yml file then start Elasticsearch using below commands.

# Execute the following statements to configure elasticsearch service to start automatically using systemd
elastic3@e3:~$ sudo systemctl daemon-reload
elastic3@e3:~$ sudo systemctl enable elasticsearch.service
# You can start elasticsearch service by executing
elastic3@e3:~$ sudo systemctl start elasticsearch.service

Let’s check elasticsearch on any web browser. You have to use https request.

Online Installation for Kibana-8.*

Download and install the public signing key. (If you allready run this code for elasticsearch pass this area)

elastic3@e3:~$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

You may need to install the apt-transport-https package on Debian before proceeding. (If you allready run this code for elasticsearch pass this area)

elastic3@e3:~$ sudo apt-get install apt-transport-https

Save the repository definition to /etc/apt/sources.list.d/elastic-8.x.list(If you allready run this code for elasticsearch pass this area)

elastic3@e3:~$ echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

You can install the Kibana debian package with below commands

elastic3@e3:~$ sudo apt-get update && sudo apt-get install kibana
Hit:1 <http://tr.archive.ubuntu.com/ubuntu> focal InRelease
Hit:2 <http://tr.archive.ubuntu.com/ubuntu> focal-updates InRelease
Hit:3 <http://tr.archive.ubuntu.com/ubuntu> focal-backports InRelease
Hit:4 <http://tr.archive.ubuntu.com/ubuntu> focal-security InRelease
Hit:5 <https://artifacts.elastic.co/packages/8.x/apt> stable InRelease
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  kibana
0 upgraded, 1 newly installed, 0 to remove and 57 not upgraded.
Need to get 259 MB of archives.
After this operation, 632 MB of additional disk space will be used.
Get:1 <https://artifacts.elastic.co/packages/8.x/apt> stable/main amd64 kibana amd64 8.2.2 [259 MB]
Fetched 259 MB in 1min 31s (2,855 kB/s)
Selecting previously unselected package kibana.
(Reading database ... 109445 files and directories currently installed.)
Preparing to unpack .../kibana_8.2.2_amd64.deb ...
Unpacking kibana (8.2.2) ...
Setting up kibana (8.2.2) ...
Creating kibana group... OK
Creating kibana user... OK
Created Kibana keystore in /etc/kibana/kibana.keystore

To configure Kibana to start automatically when the system starts, run the following commands. Kibana can be started as follows:

elastic3@e3:~$ sudo /bin/systemctl daemon-reload
elastic3@e3:~$ sudo /bin/systemctl enable kibana.service
elastic3@e3:~$ sudo systemctl start kibana.service

Check the kibana status

elastic3@e3:~$ sudo systemctl status kibana.service

These commands provide no feedback as to whether Kibana was started successfully or not. Log information can be accessed via journalctl -u kibana.service.

Create a directory called certs under the /etc/kibana path.

elastic3@e3:~$ sudo mkdir /etc/kibana/certs

Copy http_ca.crt file from /etc/elasticsearch/certs/http_ca.crt to certs directory under the /etc/kibana/ path using below command.

elastic3@e3:~$ sudo cp /etc/elasticsearch/certs/http_ca.crt  /etc/kibana/certs/

Generate password for kibana_system using below command.

elastic3@e3:~$ sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u kibana_system
New value: C3lK1sdsafassdRrtjqB

Configure the kibana.yml file under /etc/kibana path.

elastic3@e3:~$ sudo nano /etc/kibana/kibana.yml# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601# Allow connections from remote users, set this parameter to a non-loopback address.
server.host: "192.168.41.146"# Specifies the public URL at which Kibana is available for end users. If
#`server.basePath` is configured this URL should end with the same basePath.
server.publicBaseUrl: "http://192.168.41.146"# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["https://192.168.41.146:9200"]# Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana_system"
elasticsearch.password: "C3lK1sdsafassdRrtjqB"# Enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/http_ca.crt" ]# Enables you to specify a file where Kibana stores log output.
logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - filepid.file: /run/kibana/kibana.pid

Start kibana.service

elastic3@e3:~$ sudo systemctl start kibana.service

Let’s check kibana on any web browser. You can search http://your_ip:5601 adress on google chrome. To enter kibana you can use elastic superuser name and password.

Conclusion:

Thanks for reading. In this article, I try to share Elasticsearch-8.2.2 and Kibana-8.2.2 installation steps respectively.

 

=== 排错 ===

ERROR: bootstrap checks failed
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
解决办法：
修改配置sysctl.conf

1. sudo vi /etc/sysctl.conf

添加下面配置：

1. vm.max_map_count=655360

并执行命令：

1. sysctl -p

然后，重新启动elasticsearch，即可启动成功。