Centos8.2安装Elasticsearch-7.11.1 失败
Centos8.2安装Elasticsearch-7.11.1
1. 下载elasticsearch
curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.11.1-linux-x86_64.tar.gz tar -xzvf elasticsearch-7.11.1-linux-x86_64.tar.gz cd elasticsearch-7.11.1 ./bin/elasticsearch
2.下载kibana(配套UI)
curl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-7.11.1-linux-x86_64.tar.gz tar xzvf kibana-7.11.1-linux-x86_64.tar.gz cd kibana-7.11.1-linux-x86_64/ ./bin/kibana
都是开箱即用,建议手动移动目录到/usr/local/下
3.启动elasticsearch
3.1 创建专用用户组和用户,root无法启动
groupadd es useradd esuser -g es passwd esuser
3.2更改文件夹及内部文件的所属用户及组
chown -R esuser:es /usr/local/elasticsearch-7.11.1
3.3 切换用户 到esuser
su esuser
3.4 elasticsearch 配置
vim /usr/local/elasticsearch-7.11.1/config/elasticsearch.yml
添加两行,注意:冒号后面要带一个空格
network.host: 0.0.0.0
cluster.initial_master_nodes: ["node-1"]
3.5 设置elasticsearch用户拥有的内存权限,至少需要262144
su root
vim /etc/sysctl.conf
末尾添加一行:
vm.max_map_count=262144
#立即生效 /sbin/sysctl -p
3.6 jvm内存调小一些
vim /usr/local/elasticsearch-7.11.1/config/jvm.options
新增两行,将内存调整至512m
-Xms512m
-Xmx512m
3.7 自定义管理脚本
#!/bin/bash
#chkconfig: 2345 80 90
#description:elasticsearch
export ES_HOME=/usr/local/elasticsearch-7.11.1
case $1 in
start)
su esuser<<!
cd $ES_HOME
./bin/elasticsearch -d -p pid
exit
!
echo "elasticsearch is started"
;;
stop)
pid=`cat $ES_HOME/pid`
kill -9 $pid
echo "elasticsearch is stopped"
;;
restart)
pid=`cat $ES_HOME/pid`
kill -9 $pid
echo "elasticsearch is stopped"
sleep 1
su esuser<<!
cd $ES_HOME
./bin/elasticsearch -d -p pid
exit
!
echo "elasticsearch is started"
;;
*)
echo "start|stop|restart"
;;
esac
exit 0
#在命令行执行下面命令,赋予脚本执行权限
chmod +x elasticsearch
命令:
#启动 /etc/init.d/elasticsearch start #停止 /etc/init.d/elasticsearch stop #重启 /etc/init.d/elasticsearch restart
启动后,命令行输入curl -XGET http://localhost:9200,得到以下响应说明启动成功
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | { "name" : "localhost.localdomain", "cluster_name" : "elasticsearch", "cluster_uuid" : "_na_", "version" : { "number" : "7.11.1", "build_flavor" : "default", "build_type" : "tar", "build_hash" : "ff17057114c2199c9c1bbecc727003a907c0db7a", "build_date" : "2021-02-15T13:44:09.394032Z", "build_snapshot" : false, "lucene_version" : "8.7.0", "minimum_wire_compatibility_version" : "6.8.0", "minimum_index_compatibility_version" : "6.0.0-beta1" }, "tagline" : "You Know, for Search"} |
4.安装ik分词器
cd /usr/local/elasticsearch-7.11.1/plugins
4.1 新建一个ik目录
4.2 下载与ES版本对于的分词器压缩包,下载地址:https://github.com/medcl/elasticsearch-analysis-ik/releases
4.3 解压压缩包到ik目录
4.4 重启ES
5.ElasticSearch设置用户名密码访问
vim /usr/local/elasticsearch-7.11.1/config/elasticsearch.yml
添加如下:
http.cors.enabled: true http.cors.allow-origin: "*" http.cors.allow-headers: Authorization xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true
安装分词器并设置用户名和密码后,在输入curl -XGET http://localhost:9200,显示无法访问了
1 | {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],<br>"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401} |
应该使用用户名和密码登录curl -u esuser -XGET http://localhost:9200会提示输入密码,结果输入密码后还是不行
1 | {"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [esuser] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""<br>}}],"type":"security_exception","reason":"unable to authenticate user [esuser] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401} |
不知道哪里的事了,把那些安全配置全删了
vim /usr/local/elasticsearch-7.11.1/config/elasticsearch.yml,再重启elasticsearch,显示启动后接着输入curl -XGET http://localhost:9200显示拒绝连接,
因为是上下键滚动输入命令,速度非常快,所以原因应该是,虽然显示启动了,但是还没完全启动的事,过个一分钟左右,再输入就可以正常显示了
又把步骤5的内容加上,之后显示的还是不行,重启接着访问,拒绝,过一会,就显示没有授权了
带上用户名,输入密码也不行,难道是密码不对???
再去日志文件具体看看啥错误,显示Caused by: javax.net.ssl.SSLHandshakeException: No available authentication scheme错误
生成证书的时候不要输入密码,假如在生成证书的时候设置了密码,会导致无法启动ES,报错:
1 2 3 | ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to create trust manager]; nested: ElasticsearchException<br>[failed to initialize SSL TrustManager]; nested: IOException[keystore password was incorrect]; nested: UnrecoverableKeyException[failed to decrypt safe contents entry: javax.crypto.<br>BadPaddingException:<br> Given final block not properly padded. Such issues can arise if a bad key is used during decryption.];Likely root cause: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if<br> a bad key is used during decryption. |
所以把之前生成的证书删掉,重新生成,并且不输入密码。
1 2 | ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager - not permitted to read<br> truststore file [/usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12]]; nested: AccessDeniedException[/usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12];Likely root cause: java.nio.file.AccessDeniedException: /usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12 |
如果是权限不够的话,运行赋予权限命令:chmod 777 /usr/local/elasticsearch-7.11.1/config/certs/elastic-certificates.p12
先安装一下kibana看看情况吧
https://baijiahao.baidu.com/s?id=1708400591595011982&wfr=spider&for=pc
如果启动成功的话,会显示
1 2 3 4 5 6 | log [10:23:31.373] [info][plugins][watcher] 您的basic许可证不支持 watcher。请升级您的许可证。 log [10:23:31.381] [info][crossClusterReplication][plugins] 您的basic许可证不支持 crossClusterReplication。请升级您的许可证。 log [10:23:31.382] [info][kibana-monitoring][monitoring][monitoring][plugins] Starting monitoring stats collection log [10:23:32.706] [info][listening] Server running at http://0.0.0.0:5601 log [10:23:33.737] [info][server][Kibana][http] http server running at http://0.0.0.0:5601 log [10:23:34.715] [warning][plugins][reporting] Enabling the Chromium sandbox provides an additional layer of protection. |
在浏览器中输入ip:5601显示无法打开,应该是端口没开放的原因,查看端口状态命令:firewall-cmd --query-port=5601/tcp
开启端口命令:firewall-cmd --zone=public --add-port=5601/tcp --permanent
重新加载防火墙:firewall-cmd --reload
再输入地址端口号,可以正确显示页面
此时如果关闭命令行窗口,浏览器里又无法访问了,需要后台启动的形式运行kibana,命令:nohup ./kibana &
nohup ./kibana & 前台不输出日志,都输出到nohup.out文件中
./kibana & 命令后台启动,但是日志还是在前台输出,如果有错误的话会在前台不停的出现。
到这个地方又出现问题了: ./elasticsearch-setup-passwords interactive
Future versions of Elasticsearch will require Java 11; your Java version from [/usr/local/jdk1.8.0_301/jre] does not meet this requirement. Consider switching to a distribution of Elasticsearch with a bundled JDK. If you are already using a distribution with a bundled JDK, ensure the JAVA_HOME environment variable is not set.
Failed to determine the health of the cluster running at http://172.16.2.98:9200
Unexpected response code [503] from calling GET http://172.16.2.98:9200/_cluster/health?pretty
Cause: master_not_discovered_exception
It is recommended that you resolve the issues with your cluster before running elasticsearch-setup-passwords.
It is very likely that the password changes will fail when run against an unhealthy cluster.
Do you want to continue with the password setup process [y/N]
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 全程不用写代码,我用AI程序员写了一个飞机大战
· DeepSeek 开源周回顾「GitHub 热点速览」
· 记一次.NET内存居高不下排查解决与启示
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
2016-03-15 leach-matlab
2016-03-15 leach协议matlab仿真代码