526互联

elasticsearch8安装部署

发布时间 2023-06-29 17:25:50作者: slnngk

环境:
OS:Centos 7

 

1.下载
下载地址:
https://www.elastic.co/cn/downloads/past-releases#elasticsearch

2.解压缩并创建数据目录
[root@localhost soft]# tar -xvf elasticsearch-8.8.0-linux-x86_64.tar.gz
[root@localhost soft]# mv elasticsearch-8.8.0 /opt/
[root@localhost soft]#cd /opt/elasticsearch-8.8.0


3.创建用户(若已经存在的可不用创建)
因为启动es不能在root用户下启动,所以要事先创建非root用户
[root@localhost opt]# useradd esuser
[root@localhost opt]# cd /opt/
[root@localhost opt]# chown -R esuser.esuser ./elasticsearch-8.8.0/

4.创建目录
su - esuser
[esuser@host134 elasticsearch-8.8.0]$ cd /opt/elasticsearch-8.8.0
[esuser@host134 elasticsearch-8.8.0]$ mkdir data
[esuser@host134 elasticsearch-8.8.0]$ mkdir logs

 

4.生成安全证书
步骤1:
su - esuser
[esuser@host134 bin]$ cd /opt/elasticsearch-8.8.0/bin
[esuser@host134 bin]$ ./elasticsearch-certutil ca
Please enter the desired output file [elastic-stack-ca.p12]: ##直接回车
Enter password for elastic-stack-ca.p12 : ##直接回车

这个时候会在bin上级目录生成一个elastic-stack-ca.p12文件
[esuser@host134 elasticsearch-8.8.0]$ pwd
/opt/elasticsearch-8.8.0
[esuser@host134 elasticsearch-8.8.0]$ ls -al elastic-stack-ca.p12
-rw------- 1 esuser esuser 2672 Jun 29 15:47 elastic-stack-ca.p12

 

步骤2:
根据elastic-stack-ca.p12文件 生成elastic-certificates.p12
[esuser@host134 bin]$ cd /opt/elasticsearch-8.8.0/bin
[esuser@host134 bin]$./elasticsearch-certutil cert --ca /opt/elasticsearch-8.8.0/elastic-stack-ca.p12

Enter password for CA (/opt/elasticsearch-8.8.0/elastic-stack-ca.p12) : ##直接回车
Please enter the desired output file [elastic-certificates.p12]: ##直接回车
Enter password for elastic-certificates.p12 : ##直接回车


这个时候会在目录下生成2个文件
[esuser@host134 elasticsearch-8.8.0]$ ls -1
bin
config
data
elastic-certificates.p12
elastic-stack-ca.p12
jdk
lib
LICENSE.txt
logs
modules
NOTICE.txt
plugins
README.asciidoc

 

步骤3:
将证书生成的2个文件mv到config目录
[esuser@host134 elasticsearch-8.8.0]$ mv elastic-certificates.p12 ./config/
[esuser@host134 elasticsearch-8.8.0]$ mv elastic-stack-ca.p12 ./config/

 

4.修改配置文件

[esuser@localhost config]$ more elasticsearch.yml
##集群名称
cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#节点名称
node.name: node-1
# Path to directory where to store the data (separate multiple locations by comma):
#数据目录
path.data: /opt/elasticsearch-8.8.0/data
#日志目录
path.logs: /opt/elasticsearch-8.8.0/logs
#
# Set the bind address to a specific IP (IPv4 or IPv6):
## 设置绑定的ip,设置为本机的ip
network.host: 192.168.1.134
# Set a custom port for HTTP:
#端口
http.port: 19200

#设置在集群中的所有节点名称,这个节点名称就是之前所修改的,当然你也可以采用默认的也行,目前是单机,放入一个节点即可
#注意这里,如果目前是单节点的话,一定要修改该值为节点的名称,否则虽然启动成功了,但是通过curl命令向elasticsearch服务中新增数据时,会出现 "master_not_discovered_exception"错误
cluster.initial_master_nodes: ["node-1"]

###########安全认证部分##############################
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

 

6.配置jvm内存大小
进入到jvm.options.d目录 创建自定义文件jvm.options,加入如下参数,这个与之前版本是有区别的,之前的版本直接修改jvm.options即可
[esuser@host134 config]$ cd jvm.options.d
[esuser@host134 jvm.options.d]$ ls
jvm.options
[esuser@host134 jvm.options.d]$ more jvm.options
-Xms6g
-Xmx6g

 

7.启动
[esuser@host134 bin]$ cd /opt/elasticsearch-8.8.0/bin
[esuser@host134 bin]$ ./elasticsearch -d
warning: ignoring JAVA_HOME=/usr/local/java/jdk1.8.0_361; using bundled JDK
说明8版本已经使用自带的jdk了.

 

8.这个时候没有密码是不可以登录

[esuser@host134 config]$ curl http://192.168.1.134:19200/?pretty
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "missing authentication credentials for REST request [/?pretty]",
        "header" : {
          "WWW-Authenticate" : [
            "Basic realm=\"security\" charset=\"UTF-8\"",
            "ApiKey"
          ]
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "missing authentication credentials for REST request [/?pretty]",
    "header" : {
      "WWW-Authenticate" : [
        "Basic realm=\"security\" charset=\"UTF-8\"",
        "ApiKey"
      ]
    }
  },
  "status" : 401
}

 

9.设置密码
我这里的所有账号密码设置为elastic

[esuser@host134 bin]$ ./elasticsearch-setup-passwords interactive
warning: ignoring JAVA_HOME=/usr/local/java/jdk1.8.0_361; using bundled JDK
******************************************************************************
Note: The 'elasticsearch-setup-passwords' tool has been deprecated. This       command will be removed in a future release.
******************************************************************************

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana_system]: 
Reenter password for [kibana_system]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

 

10.这个时候就可以使用账号密码访问了
curl -u elastic:elastic http://192.168.1.134:19200/?pretty
curl -u elastic:elastic -X GET 'http://192.168.1.134:19200/_cat/indices?v'
curl -u elastic:elastic "192.168.1.134:19200/_license"