Notes on installing Elasticsearch 8.12 on Linux

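Installing from the official package

Official documentation: www.elastic.co/guide/en/el…

Download

Download elasticsearch and kibana from the following addresses:
www.elastic.co/downloads/e…
www.elastic.co/downloads/k…
Extract them to /usr/local/elasticsearch and /usr/local/kibana

Configuration

First grant permissions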

chmod -R 777 /usr/local/elasticsearch
chmod -R 777 /usr/local/kibana

Edit the /etc/elasticsearch/elasticsearch.yml file

  • node.name: node-1
  • network.host: <this host's IP>
  • cluster.initial_master_nodes: ["node-1"]

Starting

cd /usr/local/elasticsearch
bin/elasticsearch

This fails with an error: starting as the root account is not allowed, so a new user has to be created.
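An added example (not from the original post) of handing the tree to a dedicated account rather than leaving it at mode 777, where any local account can replace the binaries or read the generated certificates. The account name `elasticsearch` and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Give the install tree to a dedicated account and remove the access that
# `chmod -R 777` granted to every other local user.
own_es_tree() {
    local dir="$1" user="$2"
    # Only root can create the account; create it as a no-login system user.
    if [ "$(id -u)" -eq 0 ] && ! id "$user" >/dev/null 2>&1; then
        useradd --system --no-create-home --shell /sbin/nologin "$user" || return 1
    fi
    chown -R "$user" "$dir" || return 1
    # Nobody but the owner may modify binaries, plugins or configuration.
    chmod -R go-w "$dir"
    # config/ holds elasticsearch.keystore and certs/: owner access only.
    if [ -d "$dir/config" ]; then
        chmod -R go-rwx "$dir/config"
    fi
}

# List paths under $1 that any local user can still write to (empty when clean).
world_writable() {
    find "$1" ! -type l -perm -0002
}

# Usage (as root):
#   own_es_tree /usr/local/elasticsearch elasticsearch
#   sudo -u elasticsearch /usr/local/elasticsearch/bin/elasticsearch
```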

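If the error mentions SSL, the automatic security configuration was skipped and the environment needs to be checked:
www.elastic.co/guide/en/el…

  • Make sure there is no data directory under the elasticsearch folder
  • Make sure there is no elasticsearch.keystore file under the elasticsearch/config folder
  • No cluster is configured in the yml
  • No SSL-related settings have been added to the yml by hand

Once the requirements for automatic security configuration are met, the console prints a token, SSL-related settings are added to the yml automatically, and a new certs folder appears under elasticsearch/config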
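The four conditions above as a pre-flight check, added here as an example and not part of the original post. It assumes the tar.gz layout used on this page and flat dotted keys in the yml; which keys count as "cluster configured" (`discovery.seed_hosts`, `cluster.initial_master_nodes`) is this example's assumption, and the function name is hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.
# Usage: check_autoconfig_ready /usr/local/elasticsearch

# Print one line per condition that would make Elasticsearch skip the
# automatic security configuration; return 0 only when none is found.
check_autoconfig_ready() {
    local es_home="$1" yml="$1/config/elasticsearch.yml" problems=0

    if [ -d "$es_home/data" ]; then
        echo "data directory exists: $es_home/data"
        problems=$((problems + 1))
    fi
    if [ -e "$es_home/config/elasticsearch.keystore" ]; then
        echo "keystore exists: $es_home/config/elasticsearch.keystore"
        problems=$((problems + 1))
    fi
    if [ -f "$yml" ]; then
        # Only uncommented settings count; commented samples are ignored.
        if grep -Eq '^[[:space:]]*(discovery\.seed_hosts|cluster\.initial_master_nodes)[[:space:]]*:' "$yml"; then
            echo "cluster settings present in $yml"
            problems=$((problems + 1))
        fi
        if grep -Eq '^[[:space:]]*xpack\.security\.[a-z_.]*ssl' "$yml"; then
            echo "SSL settings present in $yml"
            problems=$((problems + 1))
        fi
    fi
    [ "$problems" -eq 0 ]
}
```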

Open http://ip:9200 in a browser; a login prompt appears, which means startup succeeded.

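Changing the password

After startup, the console prints a default password.

Run the following command to change the password:
【ip】 is this machine's IP
【newpassword】 is the new password you want to set
Also make sure the certificate path given to --cacert is correct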

curl --cacert /usr/local/elasticsearch/config/certs/http_ca.crt -u elastic -X POST "https://【ip】:9200/_security/user/elastic/_password?pretty" -H 'Content-Type: application/json' -d '{ "password" : "【newpassword】"}'

Then enter the original password when prompted, and the password is changed.

Installing via RPM (not recommended)

github.com/medcl/elast…

Installation

sudo yum -y install --enablerepo=elasticsearch elasticsearch-8.12.2

Configuration

Edit the /etc/elasticsearch/elasticsearch.yml file

  • node.name: node-1
  • network.host: <this host's IP>
  • cluster.initial_master_nodes: ["node-1"]

Edit the /usr/lib/systemd/system/elasticsearch.service file

  • TimeoutStartSec=1200

Edit the /etc/elasticsearch/jvm.options file

  • -Duser.timezone=Asia/Shanghai

Download the analyzer (tokenizer) plugin from github.com/infinilabs/… and extract it to the /usr/share/elasticsearch/plugins/ik directory

Run the commands

systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service

Errors encountered when startup fails

If you see the following message, startup failed; check the logs in the /var/log/elasticsearch directory

Job for elasticsearch.service failed because the control process exited with error code. See "systemctl status elasticsearch.service" and "journalctl -xe" for details.

failed to obtain node locks, tried [/var/lib/elasticsearch]; maybe these locations are not writable or multiple nodes were started on the same data path?

Check whether the /var/lib/elasticsearch/ directory contains any files ending in .lock; if it does, delete them and then restart

Transport SSL must be enabled if security is enabled. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]

Change the setting in the yml file:

  • xpack.security.transport.ssl.enabled: true

invalid SSL configuration for xpack.security.transport.ssl - server ssl configuration requires a key and certificate, but these have not been configured; you must set either [xpack.security.transport.ssl.keystore.path], or both [xpack.security.transport.ssl.key] and [xpack.security.transport.ssl.certificate]

After fixing the previous error, I ran into this one

You need to generate the certificates yourself:

cd /usr/share/elasticsearch
bin/elasticsearch-certutil ca

Run the command:

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --dns localhost --ip 192.168.0.123

Console output:

[root@localhost elasticsearch]# bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --dns localhost --ip 192.168.0.123
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The 'cert' mode generates X.509 certificate and private keys.
    * By default, this generates a single certificate and key for use
       on a single instance.
    * The '-multiple' option will prompt you to enter details for multiple
       instances and will generate a certificate and key for each one
    * The '-in' option allows for the certificate generation to be automated by describing
       the details of each instance in a YAML file

    * An instance is any piece of the Elastic Stack that requires an SSL certificate.
      Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats
      may all require a certificate and private key.
    * The minimum required value for each instance is a name. This can simply be the
      hostname, which will be used as the Common Name of the certificate. A full
      distinguished name may also be used.
    * A filename value may be required for each instance. This is necessary when the
      name would result in an invalid file or directory name. The name provided here
      is used as the directory name (within the zip) and the prefix for the key and
      certificate files. The filename is required if you are prompted and the name
      is not displayed in the prompt.
    * IP addresses and DNS names are optional. Multiple values can be specified as a
      comma separated string. If no IP addresses or DNS names are provided, you may
      disable hostname verification in your SSL configuration.


    * All certificates generated by this tool will be signed by a certificate authority (CA)
      unless the --self-signed command line option is specified.
      The tool can automatically generate a new CA for you, or you can provide your own with
      the --ca or --ca-cert command line options.


By default the 'cert' mode produces a single PKCS#12 output file which holds:
    * The instance certificate
    * The private key for the instance certificate
    * The CA certificate

If you specify any of the following options:
    * -pem (PEM formatted output)
    * -multiple (generate multiple certificates)
    * -in (generate certificates from an input file)
then the output will be be a zip file containing individual certificate/key files

Enter password for CA (elastic-stack-ca.p12) : 
Please enter the desired output file [elastic-certificates.p12]: 
Enter password for elastic-certificates.p12 : 

Certificates written to /usr/share/elasticsearch/elastic-certificates.p12

This file should be properly secured as it contains the private key for 
your instance.
This file is a self contained file and can be copied and used 'as is'
For each Elastic product that you wish to configure, you should copy
this '.p12' file to the relevant configuration directory
and then follow the SSL configuration instructions in the product guide.

For client applications, you may only need to copy the CA certificate and
configure the client to trust this certificate.

The current directory now contains two new files, 【elastic-certificates.p12】 and 【elastic-stack-ca.p12】
Copy elastic-stack-ca.p12 into the /etc/elasticsearch/my_certs directory
Open /etc/elasticsearch/elasticsearch.yml and edit it

xpack.security.enrollment.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/my_certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/my_certs/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/my_certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /etc/elasticsearch/my_certs/elastic-certificates.p12

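The certificate passwords have to be configured by running commands:
Each command prompts for a password, which is the one set when the certificate was generated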

cd /usr/share/elasticsearch
bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password
bin/elasticsearch-keystore add xpack.security.http.ssl.truststore.secure_password
bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

Then start Elasticsearch
systemctl start elasticsearch
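A check worth running before the service is started, added here as an example and not part of the original post: the steps above copy a file into my_certs and then point several settings at that directory, so it reports any keystore or truststore path in the yml that is missing or accessible to every local account. It assumes flat dotted keys as written above; the function name is hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.
# Usage: check_tls_stores /etc/elasticsearch/elasticsearch.yml

# For every xpack.security.{http,transport}.ssl.{keystore,truststore}.path in
# the yml, print MISSING or EXPOSED (readable/writable by "other"); return 0
# only when every referenced file exists and is closed to other users.
check_tls_stores() {
    local yml="$1" bad=0 re paths p
    re='^[[:space:]]*xpack\.security\.(http|transport)\.ssl\.(keystore|truststore)\.path:[[:space:]]*'
    # Strip the key, trailing blanks and optional surrounding quotes.
    paths=$(grep -E "$re" "$yml" \
        | sed -E -e "s/$re//" -e 's/[[:space:]]+$//' -e "s/^[\"'](.*)[\"']\$/\1/" \
        | sort -u)
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        # Relative paths are resolved against the config directory.
        case "$p" in
            /*) ;;
            *) p="$(dirname "$yml")/$p" ;;
        esac
        if [ ! -f "$p" ]; then
            echo "MISSING $p"
            bad=1
        elif [ -n "$(find "$p" \( -perm -0004 -o -perm -0002 \))" ]; then
            # The .p12 holds the instance private key.
            echo "EXPOSED $p"
            bad=1
        fi
    done <<EOF
$paths
EOF
    [ "$bad" -eq 0 ]
}
```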

Verifying startup status

Run the command systemctl status elasticsearch

Open https://ip:9200 in a browser

Other related notes

Uninstalling Elasticsearch

systemctl status elasticsearch.service # check the elasticsearch service status
systemctl stop elasticsearch.service # stop the elasticsearch service
systemctl disable elasticsearch # disable the elasticsearch service
systemctl daemon-reload # reload the system services
rpm -qa | grep elasticsearch # list the elasticsearch packages installed via rpm
rpm -e --nodeps elasticsearch-8.12.2-1.x86_64 # uninstall elasticsearch via rpm
rm -rf /etc/elasticsearch # remove leftover files
rm -rf /usr/share/elasticsearch
rm -rf /opt/software/elasticsearch # remove custom elasticsearch files

Uninstalling Kibana

systemctl stop kibana.service
systemctl disable kibana.service
sudo rm -rf /usr/share/kibana
sudo rm -rf /etc/kibana
sudo rm -rf /var/log/kibana
sudo systemctl daemon-reload
sudo systemctl reset-failed