1 资源
| 资源信息 | 版本号 | 备注 |
|---|---|---|
| 服务器 | Centos7 | IP: 192.168.51.4 |
| elasticsearch | 7.4.2 | IP: 192.168.51.4 |
2 介绍
Elasticsearch是一个基于Apache Lucene(TM)的开源搜索引擎,无论在开源还是专有领域,Lucene可以被认为是迄今为止最先进、性能最好的、功能最全的搜索引擎库。
但是,Lucene只是一个库。想要发挥其强大的作用,你需使用Java并要将其集成到你的应用中。Lucene非常复杂,你需要深入的了解检索相关知识来理解它是如何工作的。
Elasticsearch也是使用Java编写并使用Lucene来建立索引并实现搜索功能,但是它的目的是通过简单连贯的RESTful API让全文搜索变得简单并隐藏Lucene的复杂性。
不过,Elasticsearch不仅仅是Lucene和全文搜索引擎,它还提供:
- 分布式的实时文件存储,每个字段都被索引并可被搜索
- 实时分析的分布式搜索引擎
- 可以扩展到上百台服务器,处理PB级结构化或非结构化数据
附上官网地址:https://www.elastic.co/cn/elasticsearch/
3 安装
3.1 安装
elasticsearch单机版的安装,可参考博文:
ES elasticsearch的安装和配置:https://www.jianshu.com/p/a47ccfd3d49a
3.2 启动ES
[root@localhost logstash-7.4.2]# cd /usr/local/elasticsearch-7.4.2/bin
[root@localhost bin]# ./elasticsearch -d
future versions of Elasticsearch will require Java 11; your Java version from [/opt/module/haoke/jdk1.8.0_141/jre] does not meet this requirement
4 设置用户名与密码
4.1 生成ES的秘钥
4.1.1 生成根密钥
[root@localhost bin]# ./elasticsearch-certutil ca --pem
future versions of Elasticsearch will require Java 11; your Java version from [/opt/module/haoke/jdk1.8.0_141/jre] does not meet this requirement
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.
The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.
Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority
By default the 'ca' mode produces a single PKCS#12 output file which holds:
* The CA certificate
* The CA's private key
If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key
Please enter the desired output file [elastic-stack-ca.zip]:
4.1.2 解压根秘钥
[root@localhost bin]# unzip elastic-stack-ca.zip
Archive: elastic-stack-ca.zip
creating: ca/
inflating: ca/ca.crt
inflating: ca/ca.key
总用量 8
-rw-r--r--. 1 root root 1200 3月 27 19:43 ca.crt
-rw-r--r--. 1 root root 1679 3月 27 19:43 ca.key
4.1.3 生成节点秘钥
[root@localhost bin]# ./elasticsearch-certutil cert --ca-cert ca/ca.crt --ca-key ca/ca.key --pem
4.1.4 解压节点密钥
[root@localhost bin]# unzip certificate-bundle.zip
4.1.5 自定义配置路径
[root@localhost bin]# cd /usr/local/elasticsearch-7.4.2/config
[root@localhost config]# mkdir x-pack
bin目录生成的ca和instance两个文件夹 拷贝至config下面的x-pack文件夹下
4.2 配置秘钥
[root@localhost config]# vi elasticsearch.yml
最后添加如下代码:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: x-pack/instance/instance.key
xpack.ssl.certificate: x-pack/instance/instance.crt
xpack.ssl.certificate_authorities: x-pack/ca/ca.crt
xpack.ssl.verification_mode: certificate
xpack.ssl.client_authentication: required
4.3 重新启动ES
4.3.1 停止服务
[root@localhost config]# jps
28696 Elasticsearch
29977 Jps
[root@localhost config]# kill 28696
4.3.2 启动服务
[root@localhost bin]# cd /usr/local/elasticsearch-7.4.2/bin
[root@localhost bin]# ./elasticsearch -d
4.4 设置密码
[root@localhost bin]# ./elasticsearch-setup-passwords interactive
future versions of Elasticsearch will require Java 11; your Java version from [/opt/module/haoke/jdk1.8.0_141/jre] does not meet this requirement
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
5 相关信息
- 博文不易,辛苦各位猿友点个关注和赞,感谢
网友评论