Centos7安装ElasticSearch

CentOS：7.9
ElasticSearch：7.15.2
Kibana：7.15.2
分词插件IK：7.15.2

安装ElasticSearch

官方教程：https://www.elastic.co/guide/en/elasticsearch/reference/7.15/rpm.html#rpm-repo

1. 下载安装包

   wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.15.2-x86_64.rpm
   

2. 安装

   sudo rpm --install elasticsearch-7.15.2-x86_64.rpm
   

3. 设置开机启动

   sudo systemctl enable elasticsearch.service
   sudo systemctl daemon-reload
   

4. 启动或关闭服务

   sudo systemctl start elasticsearch.service
   sudo systemctl stop elasticsearch.service
   

配置ElasticSearch

ElasticSearch 目录布局

https://www.elastic.co/guide/en/elasticsearch/reference/7.15/rpm.html#rpm-layout

1. 系统配置

   增加资源分配

   vim /etc/security/limits.conf
   
   soft nofile 65535
   hard nofile 131072
   soft nproc 2048
   hard nproc 4096
   

   内核参数

   Elasticsearch默认使用mmapfs目录来存储其索引。操作系统对mmap计数的默认限制可能过低，这可能会导致内存不足的异常。

   vim /etc/sysctl.conf
   添加记录
   vm.max_map_count=262144
   刷新配置
   sysctl -p
   验证是否生效
   sysctl vm.max_map_count
   

2. ElasticSearch配置（etc/elasticsearch/elasticsearch.yml）

   官方文档：https://www.elastic.co/guide/en/elasticsearch/reference/7.15/important-settings.html

   # 集群名称
   cluster.name: my-application
   # 节点名称
   node.name: node-1
   # 索引目录
   path.data: /var/data/elasticsearch
   # 日志目录
   path.logs: /var/log/elasticsearch
   # 远程访问
   network.host: 0.0.0.0
   # http端口
   http.port: 9200
   # 集群服务的端口
   transport.tcp.port: 9300
   # 跨域配置
   http.cors.enabled: true
   http.cors.allow-origin: "*"
   # 服务节点
   discovery.seed_hosts: ["192.168.0.1:9300","192.168.0.2:9300","192.168.0.3:9300"]
   # 指定新集群 master 候选者列表
   cluster.initial_master_nodes:  ["node-1","node-2","node-3"]
   

3. JVM配置（/etc/elasticsearch/jvm.options）

   JVM 配置需要注意以下几点：

   # 堆内存
   -Xmx10g -Xms10g 
   

   这两个 jvm 的配置必须配置一样的数值。启动时就分配好内存空间，避免运行时申请分配内存造成系统抖动。
   Xmx不要超过机器内存的 50%，留下些内存供 JVM 堆外内存使用
   并且Xmx不要超过 32G。建议最大配置为 30G。接近 32G，JVM 会启用压缩对象指针的功能，导致性能下降。具体可以参考：

   https://www.elastic.co/guide/en/elasticsearch/reference/7.15/advanced-configuration.html#set-jvm-heap-size

Elasticsearch开启安全认证

https://blog.csdn.net/qq_44930876/article/details/128653811

1. 生成认证文件

   • 生成ca证书

     sh bin/elasticsearch-certutil ca
     

     一路回车，设置完成后会在elasticsearch的Home目录下看到新生成的证书elastic-stack-ca.p12

   • 生成p12密钥

     sh bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
     

     一路回车，设置完成后会在elasticsearch的Home目录下看到新生成的密钥elastic-certificates.p12

   • 移动elastic-certificates.p12到 ES_PATH_CONF目录，并修改权限为777

     chmod 777 elastic-certificates.p12
     mv elastic-certificates.p12 /etc/elasticsearch/
     

2. 修改配置文件

   # 开启xpack
   xpack.security.enabled: true
   xpack.license.self_generated.type: basic
   xpack.security.transport.ssl.enabled: true
   # 证书配置
   xpack.security.transport.ssl.verification_mode: certificate
   xpack.security.transport.ssl.client_authentication: required
   xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
   xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
   

3. 设置用户名密码

   重启ES，手动设置各个用户的密码：

   sh elasticsearch-setup-passwords interactive
   

分词插件（ik）

1. 下载es-ik插件

   https://github.com/medcl/elasticsearch-analysis-ik

2. 安装

   cd /usr/share/elasticsearch
   
   bin/elasticsearch-plugin install file:///home/elasticsearch-analysis-ik-7.15.2.zip
   
   

安装Kibana

官方教程：https://www.elastic.co/guide/en/kibana/7.15/rpm.html#rpm-repo

1. 下载安装包

   wget https://artifacts.elastic.co/downloads/kibana/kibana-7.15.2-x86_64.rpm
   

2. 安装

   sudo rpm --install kibana-7.15.2-x86_64.rpm
   

3. 设置开机启动

   sudo systemctl enable kibana.service
   sudo systemctl daemon-reload
   

4. 启动或关闭服务

   sudo systemctl start kibana.service
   sudo systemctl stop kibana.service
   

修改 kibana 配置

kibana 文件布局：https://www.elastic.co/guide/en/kibana/7.15/rpm.html#rpm-layout

# http 访问端口
server.port: 5601
# ip 地址， 0.0.0.0 表示可远程访问
server.host: "0.0.0.0"
# kibana 服务名
server.name: "your-hostname"
# elasticsearch 地址
elasticsearch.hosts: ["http://localhost:9200"]
# 请求 elasticsearch 超时时间，默认为 30000 ，此处可根据情况设置
elasticsearch.requestTimeout: 30000
# 本地化设置
i18n.locale: "zh-CN"

设置账户密码

xpack.reporting.encryptionKey: "a_random_string"
xpack.security.encryptionKey: "something_at_least_32_characters"
# 明文配置,则加上以下两行。推荐密文配置
elasticsearch.username: "kibana"
elasticseacr.password: "kibana_passwd"

密文配置

cd /usr/share/kibana/bin
sh kibana-keystore create
sh kibana-keystore add elasticsearch.username
# 输入账户：elastic
sh kibana-keystore add elasticsearch.password
# 输入elastic账户的密码

参考文献

1. https://www.elastic.co/guide/en/elasticsearch/reference/7.15/rpm.html
2. https://www.elastic.co/guide/en/kibana/7.15/rpm.html#rpm-repo
3. https://github.com/medcl/elasticsearch-analysis-ik
4. https://blog.csdn.net/m0_67390969/article/details/126360351
5. https://blog.csdn.net/weixin_40816738/article/details/121399443
6. https://blog.csdn.net/weixin_40612128/article/details/123476150
7. https://blog.csdn.net/qq_44930876/article/details/128653811
8. https://blog.csdn.net/q283614346/article/details/120698788
9. https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html#encrypt-internode-communication