<h3>ElasticSearch 部署</h3><ol><li>一、系统环境</li><li>二、解压安装</li><ul><li>2.1 解压压缩包</li><li>2.2 修改配置文件</li><li>2.3 添加操作用户</li><li>2.4 启动</li><li>2.5 开放端口</li><li>2.6 开机自启动配置</li><li>2.7 设置用户名密码认证</li></ul><li>三、总结</li></ol><p>
</p><h1>一、系统环境</h1><p>操作系统:Centos 7
已配置环境:空</p><h1>二、解压安装</h1><h2>2.1 解压压缩包</h2><p>上传压缩包到/opt 目录下</p><p>cd /opt
</p><p>解压并创建数据目录</p><p>tar -zxvf elasticsearch-8.6.2-linux-x86_64.tar.gz
mv elasticsearch-8.6.2 elasticsearch
mkdir /opt/elasticsearch/data
</p><h2>2.2 修改配置文件</h2><p>cd /opt/elasticsearch/config/
cp elasticsearch.yml elasticsearch.yml.cp
vi elasticsearch.yml
</p><p>在文件末尾添加以下配置:</p><p>cluster.name: test-elasticsearch
node.name: es-node0
path.data: /opt/elasticsearch/data
path.logs: /opt/elasticsearch/logs
network.host: 0.0.0.0
cluster.initial_master_nodes: ["es-node0"]
</p><div class="image-package"><img src="https://img.haomeiwen.com/i12348461/490b3f924d181be6.jpeg" img-data="{"format":"jpeg","size":20484,"height":250,"width":830}" class="uploaded-img" style="min-height:200px;min-width:200px;" width="auto" height="auto"/>
</div><h2>2.3 添加操作用户</h2><p>es不允许使用root用户操作,需要单独添加用户,并给es 文件夹赋权</p><p>useradd es
chown -R es:es /opt/elasticsearch/
</p><h2>2.4 启动</h2><p>后台启动 ES</p><p>su es
cd /opt/elasticsearch/bin/
./elasticsearch -d
</p><p>此时没法正常启动ES ,报错了。
</p><div class="image-package"><img src="https://img.haomeiwen.com/i12348461/f27eade765cb454c.jpeg" img-data="{"format":"jpeg","size":40502,"height":205,"width":829}" class="uploaded-img" style="min-height:200px;min-width:200px;" width="auto" height="auto"/>
</div><p/><p>对于【max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]】
修改配置</p><p>exit
vi /etc/security/limits.conf
</p><p>在文件末尾添加以下内容:</p><p>* soft nofile 65536
- hard nofile 131072
- soft nproc 2048
- hard nproc 4096
</p><p>对于【max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]】</p><p>vi /etc/sysctl.conf
</p><p>添加以下内容:</p><p> vm.max_map_count=262145
</p><p>刷新配置后重启ES</p><p>sysctl -p
su es
cd /opt/elasticsearch/bin/
./elasticsearch -d
</p><div class="image-package"><img src="https://img.haomeiwen.com/i12348461/e0ecb47a26e3c531.jpeg" img-data="{"format":"jpeg","size":54870,"height":258,"width":829}" class="uploaded-img" style="min-height:200px;min-width:200px;" width="auto" height="auto"/>
</div><h2>2.5 开放端口</h2><p>因为防火墙开启的缘故,需要开放ES 的端口</p><p>exit
firewall-cmd --zone=public --add-port=9200/tcp --permanent
firewall-cmd --reload
</p><div class="image-package"><img src="https://img.haomeiwen.com/i12348461/7877155d01d2e718.jpeg" img-data="{"format":"jpeg","size":15596,"height":140,"width":831}" class="uploaded-img" style="min-height:200px;min-width:200px;" width="auto" height="auto"/>
</div><p>但是,此时访问es 还是会失败。</p><div class="image-package"><img src="https://img.haomeiwen.com/i12348461/6c6879d1f8f91ea0.jpeg" img-data="{"format":"jpeg","size":57308,"height":219,"width":830}" class="uploaded-img" style="min-height:200px;min-width:200px;" width="auto" height="auto"/>
</div><p>再次查看配置文件,会发现配置文件中末尾多了些安全相关的配置</p><p>vi elasticsearch.yml
</p><div class="image-package"><img src="https://img.haomeiwen.com/i12348461/02b3f577724b80e6.jpeg" img-data="{"format":"jpeg","size":55474,"height":651,"width":830}" class="uploaded-img" style="min-height:200px;min-width:200px;" width="auto" height="auto"/>
</div><p>修改以下内容:</p><p>xpack.security.enabled: false
</p><p>关闭es ,重新启动</p><p>ps -ef|grep elastic
kill 2896
</p><div class="image-package"><img src="https://img.haomeiwen.com/i12348461/0386f9168ce46a41.jpeg" img-data="{"format":"jpeg","size":36953,"height":162,"width":831}" class="uploaded-img" style="min-height:200px;min-width:200px;" width="auto" height="auto"/>
</div><p>su es
cd /opt/elasticsearch/bin/
./elasticsearch -d
</p><p>此时访问ES ,正常。</p><blockquote><p>访问地址: http://192.168.88.159:9200/
健康检查:
http://192.168.88.159:9200/_cluster/health?pretty=true
集群详细信息:
http://192.168.88.159:9200/_cluster/state?pretty</p></blockquote><div class="image-package"><img src="https://img.haomeiwen.com/i12348461/e40c0767dbfd60bb.jpeg" img-data="{"format":"jpeg","size":45751,"height":582,"width":830}" class="uploaded-img" style="min-height:200px;min-width:200px;" width="auto" height="auto"/>
</div><h2>2.6 开机自启动配置</h2><p>查看当前的开机启动服务</p><p>chkconfig --list
</p><div class="image-package"><img src="https://img.haomeiwen.com/i12348461/9502f77c2ff8238d.jpeg" img-data="{"format":"jpeg","size":34924,"height":267,"width":831}" class="uploaded-img" style="min-height:200px;min-width:200px;" width="auto" height="auto"/>
</div><p>在/etc/init.d目录下创建启动文件</p><p>exit;
vi /etc/init.d/elasticsearch
</p><p>添加内容如下</p><p>#!/bin/bash
chkconfig: 2345 63 37
description: elasticsearch
processname: elasticsearch-8.6.2
export ES_HOME=/opt/elasticsearch
case ES_HOME
./bin/elasticsearch -d -p pid
exit
!
echo "elasticsearch is started"
;;
stop)
##也可以根据ps命令获取elasticsearch进程的pid
##es_pid=ps aux|grep elasticsearch | grep -v 'grep elasticsearch' | awk '{print $2}'
##kill -9 $es_pid
pid=`cat $ES_HOME/pid`
kill -9 $pid
echo "elasticsearch is stopped"
;;
restart)
pid=`cat $ES_HOME/pid`
kill -9 $pid
echo "elasticsearch is stopped"
sleep 1
su es<<!
cd $ES_HOME
./bin/elasticsearch -d -p pid
exit
!
echo "elasticsearch is started"
;;
)
echo "start|stop|restart"
;;
esac
exit 0
</p><p>注意⚠️:
1、脚本中自动完成了用户的切换,在es 用户下启动 ES
2、采用 ./bin/elasticsearch -d -p pid 命令启动,会在目录下生成 pid 文件,服务stop 时可以直接读取pid 文件获取pid 。
说明:
每个被 chkconfig 管理的服务需要在对应的 init.d 下的脚本加上两行或者更多行的注释。
第一行告诉 chkconfig 缺省启动的运行级以及启动和停止的优先级。如果某服务缺省不在任何运行级启动,那么使用 - 代替运行级。
第二行对服务进行描述,可以用 \ 跨行注释。
#chkconfig: 2345 63 37 指的是指定 kibana 服务在 2、3、4、5的 level 等级下脚本执行顺序是63,1、6的 level 等级下脚本执行顺序是37。</p><p>增加脚本的可执行权限</p><p>chmod +x /etc/init.d/elasticsearch
</p><p>把 ES 服务添加到 chkconfig 列表</p><p>chkconfig --add elasticsearch
</p><p>设置 ES 服务自启动</p><p>chkconfig elasticsearch on
</p><p>查看 ES 服务自启动状态</p><p>chkconfig --list elasticsearch
</p><div class="image-package"><img src="https://img.haomeiwen.com/i12348461/2468cf29d9251be7.jpeg" img-data="{"format":"jpeg","size":23288,"height":200,"width":830}" class="uploaded-img" style="min-height:200px;min-width:200px;" width="auto" height="auto"/>
</div><p>如果2~5都是on,就表明会自动启动了</p><blockquote><p>服务启动
service elasticsearch start
服务停止
service elasticsearch stop
服务重启
service elasticsearch restart</p></blockquote><h2>2.7 设置用户名密码认证</h2><p>注意:因为 ES 已经启动,且不是使用上面脚本的命令启动,故而想要使用上面三条命令,需得先关闭原本的 ES 程序。
ps -ef|grep elastic
kill 3142
</p><div class="image-package"><img src="https://img.haomeiwen.com/i12348461/dac76bed4278105a.jpeg" img-data="{"format":"jpeg","size":36466,"height":169,"width":830}" class="uploaded-img" style="min-height:200px;min-width:200px;" width="auto" height="auto"/>
</div><p/><p>启动 ES</p><p>service elasticsearch start
</p><p>修改配置</p><p>vi /opt/elasticsearch/config/elasticsearch.yml
</p><p>修改以下内容</p><blockquote><p>xpack.security.enabled: true
http.cors.enabled: true
http.cors.allow-origin: “”
http.cors.allow-headers: Authorization</p></blockquote><div class="image-package"><img src="https://img.haomeiwen.com/i12348461/338e1375ef4fa97e.jpeg" img-data="{"format":"jpeg","size":50766,"height":500,"width":830}" class="uploaded-img" style="min-height:200px;min-width:200px;" width="auto" height="auto"/>
</div><p>重置 ES 中用户elastic 的密码:</p><p>service elasticsearch restart
cd /opt/elasticsearch/bin/
./elasticsearch-reset-password -u elastic
y
</p><div class="image-package"><img src="https://img.haomeiwen.com/i12348461/5e00c78aa10e9053.jpeg" img-data="{"format":"jpeg","size":21519,"height":174,"width":831}" class="uploaded-img" style="min-height:200px;min-width:200px;" width="auto" height="auto"/>
</div><p>此时访问 http://192.168.88.159:9200/ 会没有响应,需要将 http 改为 https ,或者修改配置禁用ssl :</p><p>vi elasticsearch.yml
</p><div class="image-package"><img src="https://img.haomeiwen.com/i12348461/7ed6cb21f00cf1e9.jpeg" img-data="{"format":"jpeg","size":13189,"height":139,"width":595}" class="uploaded-img" style="min-height:200px;min-width:200px;" width="auto" height="auto"/>
</div><h1>三、总结</h1><p>本文内容:
在空白的 Centos 7 系统中,安装部署 ElasticSearch 8.6 ,同时设置开机自启和密码安全策略。</p><p>我是陈冰安,在知识宇宙中摸爬滚打,分享个人所得,也期待志同道合。</p>
网友评论