一、物料准备(注意:必须版本一致):
1、安装包
elasticsearch-7.17.15-linux-x86_64.tar.gz (这个版本的插件需要在线使用命令安装:/es/elasticsearch-7.17.15/bin/elasticsearch-plugin install https://get.infini.cloud/elasticsearch/analysis-ik/7.17.15,或者用我的 传送门)
analysis-ik.7.17.15.tar.gz
kibana-7.17.15-linux-x86_64.tar.gz
2、机器
三台centos7虚拟机
192.168.3.110、192.168.3.120 、192.168.3.130
二、安装步骤
1、root用户 修改系统配置
// 在文件末尾添加下面的参数值
# echo "* soft nofile 65536" >> /etc/security/limits.conf && echo "* hard nofile 131072" >> /etc/security/limits.conf
# echo "* soft memlock unlimited" >> /etc/security/limits.conf && echo "* hard memlock unlimited" >> /etc/security/limits.conf
# echo "vm.max_map_count=655360" >> /etc/sysctl.conf
# 更改生效
# sysctl -p
2、使用root用户在三台机器上创建目录授权给普通用户es(安装目录为: /es 用户组:es,用户名:es)
# groupadd es && mkdir /es && useradd -m -g es -d /es es && chown -R es:es /es
3、使用es用户配置elasticsearch
3.1、上传到安装包到安装目录/es 并解压:
192.168.3.110 上传包:elasticsearch-7.17.15-linux-x86_64.tar.gz、analysis-ik.7.17.15.tar.gz、kibana-7.17.15-linux-x86_64.tar.gz
192.168.3.120 上传包:elasticsearch-7.17.15-linux-x86_64.tar.gz、analysis-ik.7.17.15.tar.gz
192.168.3.130 上传包:elasticsearch-7.17.15-linux-x86_64.tar.gz、analysis-ik.7.17.15.tar.gz
3.2、三台机器依次复制解压的ik插件到elasticsearch插件目录:
$ cp -r analysis-ik elasticsearch-7.17.15/plugins/
3.3、三台机器依次创建data和日志目录:
$ mkdir -p /es/elasticsearch-7.17.15/data && mkdir -p /es/elasticsearch-7.17.15/logs
3.4、在192.168.3.110上生成证书文件并移动到指定配置目录后分发到另外两台机器:
生成证书文件,在elasticsearch-7.17.15会生成两个.p12后缀文件(提示输入直接回车,不用指定密码!):
$ /es/elasticsearch-7.17.15/bin/elasticsearch-certutil ca
$ /es/elasticsearch-7.17.15/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
创建证书目录并移动证书文件到该目录下
$ mkdir -p /es/elasticsearch-7.17.15/config/certs && mv /es/elasticsearch-7.17.15/*.p12 /es/elasticsearch-7.17.15/config/certs/
分发证书到另外两台机器:
$ scp -r /es/elasticsearch-7.17.15/config/certs/ [email protected]:/es/elasticsearch-7.17.15/config/
$ scp -r /es/elasticsearch-7.17.15/config/certs/ [email protected]:/es/elasticsearch-7.17.15/config/
3.5、修改三台机器elasticsearch的jvm配置:
$ vim /es/elasticsearch-7.17.15/config/jvm.options
修改堆内存大小(以实际情况设置,官方说是设置为总内存的50%,官方文档:https://www.elastic.co/guide/en/elasticsearch/reference/7.17/advanced-configuration.html):
-Xms2g
-Xmx2g
3.6、修改三台机器elasticsearch配置文件elasticsearch.yml:
$ vim /es/elasticsearch-7.17.15/config/elasticsearch.yml
三台机器的elasticsearch.yml
cluster.name: es-cls node.name: node1 node.master: true node.data: true path.data: /es/elasticsearch-7.17.15/data path.logs: /es/elasticsearch-7.17.15/logs bootstrap.memory_lock: true bootstrap.system_call_filter: false network.host: 192.168.3.110 http.port: 9200 transport.tcp.port: 9300 discovery.seed_hosts: ["192.168.3.110:9300", "192.168.3.120:9300", "192.168.3.130:9300"] cluster.initial_master_nodes: ["node1", "node2" ,"node3"] http.cors.enabled: true http.cors.allow-origin: "*" xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: /es/elasticsearch-7.17.15/config/certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: /es/elasticsearch-7.17.15/config/certs/elastic-certificates.p12192.168.3.110
cluster.name: es-cls node.name: node2 node.master: true node.data: true path.data: /es/elasticsearch-7.17.15/data path.logs: /es/elasticsearch-7.17.15/logs bootstrap.memory_lock: true bootstrap.system_call_filter: false network.host: 192.168.3.120 http.port: 9200 transport.tcp.port: 9300 discovery.seed_hosts: ["192.168.3.110:9300", "192.168.3.120:9300", "192.168.3.130:9300"] cluster.initial_master_nodes: ["node1", "node2" ,"node3"] http.cors.enabled: true http.cors.allow-origin: "*" xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: /es/elasticsearch-7.17.15/config/certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: /es/elasticsearch-7.17.15/config/certs/elastic-certificates.p12192.168.3.120
cluster.name: es-cls node.name: node3 node.master: true node.data: true path.data: /es/elasticsearch-7.17.15/data path.logs: /es/elasticsearch-7.17.15/logs bootstrap.memory_lock: true bootstrap.system_call_filter: false network.host: 192.168.3.130 http.port: 9200 transport.tcp.port: 9300 discovery.seed_hosts: ["192.168.3.110:9300", "192.168.3.120:9300", "192.168.3.130:9300"] cluster.initial_master_nodes: ["node1", "node2" ,"node3"] http.cors.enabled: true http.cors.allow-origin: "*" xpack.security.enabled: true xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: /es/elasticsearch-7.17.15/config/certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: /es/elasticsearch-7.17.15/config/certs/elastic-certificates.p12192.168.3.130
3.7、启动三台机器的服务,进行内置账号处理及添加自定义账号:
依次启动服务:
$ /es/elasticsearch-7.17.15/bin/elasticsearch -d
三台都启动完成后,修改内置账户密码 (在任意一台机器上修改即可):
$ /es/elasticsearch-7.17.15/bin/elasticsearch-setup-passwords interactive
按提示依次输入各个账户密码.......,建议设置成一样的,方便维护!我这里设置为:es123456
使用内置的用户elastic添加自定义账号(任意一台机器上添加即可,使用curl命令调用添加,这里添加的用户为 testadmin(url后面),角色为超级管理员:superuser,密码为:es123456):
$ curl -u elastic:es123456 -X POST "192.168.3.110:9200/_security/user/testadmin?pretty" -H 'Content-Type: application/json' -d \
'{"password":"es123456","roles":["superuser"],"full_name":"testadmin","email":"[email protected]","metadata":{"intelligence":7}}'
3.8、自定义账号调用查询验证:
使用刚刚添加的用户查询集群健康状况:
$ curl -u testadmin:es123456 http://192.168.3.130:9200/_cluster/health
{
"cluster_name": "es-cls",
"status": "green",
"timed_out": false,
"number_of_nodes": 3,
"number_of_data_nodes": 3,
"active_primary_shards": 19,
"active_shards": 38,
"relocating_shards": 0,
"initializing_shards": 0,
"unassigned_shards": 0,
"delayed_unassigned_shards": 0,
"number_of_pending_tasks": 0,
"number_of_in_flight_fetch": 0,
"task_max_waiting_in_queue_millis": 0,
"active_shards_percent_as_number": 100.0
}
集群健康状况返回结果
使用刚刚添加的用户进行中文分词验证:
$ curl -u lcrm:es123456 -X POST "http://192.168.3.130:9200/_analyze" -H 'Content-Type: application/json' -d '{"analyzer": "ik_max_word","text":"elasticsearch分词插件ik验证"}'
{
"tokens": [
{
"token": "elasticsearch",
"start_offset": 0,
"end_offset": 13,
"type": "ENGLISH",
"position": 0
},
{
"token": "分词",
"start_offset": 13,
"end_offset": 15,
"type": "CN_WORD",
"position": 1
},
{
"token": "插件",
"start_offset": 15,
"end_offset": 17,
"type": "CN_WORD",
"position": 2
},
{
"token": "ik",
"start_offset": 17,
"end_offset": 19,
"type": "ENGLISH",
"position": 3
},
{
"token": "验证",
"start_offset": 19,
"end_offset": 21,
"type": "CN_WORD",
"position": 4
}
]
}
中文分词验证结果
查看所有索引的状态
curl -u testadmin:es123456 '192.168.3.120:9200/_cat/indices?v'
4、配置kibana
4.1、切换到 192.168.3.110,修改kibana.yml
server.port: 5601 server.host: "192.168.3.110" server.name: "master" elasticsearch.hosts: ["http://192.168.3.110:9200", "http://192.168.3.120:9200", "http://192.168.3.130:9200"] elasticsearch.username: "testadmin" elasticsearch.password: "es123456" pid.file: /es/kibana-7.17.15-linux-x86_64/kibana.pid i18n.locale: "zh-CN"kibana.yml 配置
4.2、启动 kibana
$ nohup /es/kibana-7.17.15-linux-x86_64/bin/kibana &
访问验证,使用添加的自定义testadmin登录:
http://192.168.3.110:5601
查看所有用户:
http://192.168.3.110:5601/app/management/security/users
标签:7.17,15,192.168,elasticsearch,kibana,security,es From: https://www.cnblogs.com/dawnlz/p/18262874