PHP笔记网

革命尚未成功,同志仍须努力下载JDK17

作者:Albert.Wen  添加时间:2024-05-19 11:29:53  修改时间:2024-12-21 09:50:39  分类:04.大数据/Elasticsearch  编辑

【ELK8】CentOS 7 制作 Elasticsearch-8.12.2 服务脚本,开机自启动:/etc/init.d/elasticsearch


一、下载安装包

点击 前往下载,选择版本号:8.12.2

二、安装Elasticsearch

1、新建好相关目录(注意:根据自己的实际情况调整)

  • 安装目录:/www_app/server/ELK-8.12/elasticsearch
  • 数据目录:/www_app/server/ELK-8.12/elasticsearch/data
  • 日志目录:/www_app/server/ELK-8.12/elasticsearch/logs
#新建目录
mkdir -pv /www_app/server/ELK-8.12/elasticsearch
mkdir -pv /www_app/server/ELK-8.12/elasticsearch/data
mkdir -pv /www_app/server/ELK-8.12/elasticsearch/logs

#解压
tar -xzvf ./elasticsearch-8.12.2-linux-x86_64.tar.gz
#拷贝到指定目录
\cp -rf ./elasticsearch-8.12.2/* /www_app/server/ELK-8.12/elasticsearch

 2、创建一个es专属用户(因为不能为root)

#创建分组
groupadd es

#创建用户
useradd es -g es

#设置密码 dddsoft(注意:服务器上密码就需要复杂些)
passwd es

#给用户分配权限
chown -R es:es /www_app/server/ELK-8.12/elasticsearch

3、配置堆内存 jvm.options

cd /www_app/server/ELK-8.12/elasticsearch/config
vim jvm.options

注意:堆内存不能超过物理内存的一半

-Xms3g
-Xmx3g

如果是本地入门学习测试,可以设置小些,如:

-Xms256m
-Xmx256m

4、配置 elasticsearch.yml

cd /www_app/server/ELK-8.12/elasticsearch/config
vim elasticsearch.yml

配置如下:

# ------------------------------------ Node ------------------------------------
node.name: es-node-1

# ----------------------------------- Paths ------------------------------------
path.data: ./data
path.logs: ./logs

# ---------------------------------- Network -----------------------------------
network.host: 0.0.0.0
http.port: 9208

# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["127.0.0.1"]
cluster.initial_master_nodes: ["es-node-1"]

三、配置证书

1、配置Elasticsearch节点间通信证书

#切换到bin目录
cd /www_app/server/ELK-8.12/elasticsearch

#切换至用户es
su es

 

(1) 首先,生成或创建认证中心

./bin/elasticsearch-certutil ca

一路按回车,保持默认即可。。。

然后,会在Elasticsearch安装目录下,生成一个名为elastic-stack-ca.p12的证书文件。
路径为:/www_app/server/ELK-8.12/elasticsearch/elastic-stack-ca.p12

 

(2) 借助Elasticsearch的证书实用程序(elasticsearch-certutil)来生成一个新的公开密钥证书。
该证书由名为elastic-stack-ca.p12的已有证书授权实体签署,从而在Elasticsearch集群间确保通信流程的安全性。

./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

一路按回车,保持默认即可。。。

然后,会在Elasticsearch安装目录下,生成一个名为elastic-certificates.p12的证书文件。
路径为:/www_app/server/ELK-8.12/elasticsearch/elastic-certificates.p12

再将elastic-certificates.p12移植到config目录,即:
/www_app/server/ELK-8.12/elasticsearch/config/elastic-certificates.p12

 

(3) 将密码存储在密钥库中。

步骤1:(一路按回车即可)

./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password

步骤2:(一路按回车即可)

./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

 

(4) 在elasticsearch.yml中,配置上述证书信息

# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false


# 启用SSL以保护Elasticsearch节点间的通信
xpack.security.transport.ssl.enabled: true
# 设置SSL验证模式为证书模式
xpack.security.transport.ssl.verification_mode: certificate
# 要求客户端进行身份验证
xpack.security.transport.ssl.client_authentication: required
# 指定了证书库和信任库的路径,这里使用的是名为elastic-certificates.p12的证书文件
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

2、进行HTTPS加密通信设置

(1) 首先,生成HTTP的证书

./bin/elasticsearch-certutil http

一路按回车,保持默认即可。。。 证书的有效期到是可以设置长一点,默认为3y(3年),可以设置为10y(10年)

 

(2) 然后,将生成的zip文件(即elasticsearch-ssl-http.zip)解压缩为elasticsearch和kibana两个文件夹,如下所示:

[root@dddsoft 456]# tree ./*
./ca
|-- ca.p12
`-- README.txt
./elasticsearch
|-- http.p12
|-- README.txt
`-- sample-elasticsearch.yml
./kibana
|-- elasticsearch-ca.pem
|-- README.txt
`-- sample-kibana.yml

它们分别是Elasticsearch端HTTPS的安全加密机制以及Kibana与Elasticsearch端加密通信机制所需的。

 

(3) 在Elasticsearch端配置生成的http.p12证书。

把新生成的证书拷贝到指定的config/certs路径下。即
/www_app/server/ELK-8.12/elasticsearch/config/certs/http.p12

 

(4) 将密码存储在密钥库中

./elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password

 

(5) 在elasticsearch.yml中,配置上述证书信息

# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false


# 启用SSL以保护Elasticsearch节点间的通信
xpack.security.transport.ssl.enabled: true
# 设置SSL验证模式为证书模式
xpack.security.transport.ssl.verification_mode: certificate
# 要求客户端进行身份验证
xpack.security.transport.ssl.client_authentication: required
# 指定了证书库和信任库的路径,这里使用的是名为elastic-certificates.p12的证书文件
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

# HTTPS相关认证
xpack.security.http.ssl.enabled: false
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12

 

四、配置Linux系统变量

1、配置 Elasticsearch JDK环境变量(使用自带的JDK)

vim /etc/profile

追加如下内容:

#Elasticsearch JDK环境
export ES_JAVA_HOME=/www_app/server/ELK-8.12/elasticsearch/jdk
export PATH=$PATH:$ES_JAVA_HOME/bin

使profile生效

source /etc/profile

2、配置 修改文件句柄数大小

vim /etc/security/limits.conf

设置:

*   soft nofile   100001
*   hard nofile   100002

使用ulimit -a查看效果。

3、设置 系统所有进程一共可以打开的文件数量

vim /etc/sysctl.conf

设置:

vm.max_map_count = 655360

使配置生效

sysctl -p

注意:用户A如果在/etc/security/limits.conf有配置,当/etc/security/limits.d子目录下配置文件也有用户A的配置时,那么A中某些配置会被覆盖。最终取值是/etc/security/limits.d下的配置文件的值

  • soft:指的是当前系统生效的设置值,软限制也可以理解为警告值。
  • hard:表明系统中所能设定的最大值,soft的限制不能比hard限制高。
  • -:表名同时设置了soft和hard的值

五、重置 elastic 账号密码

/www_app/server/ELK-8.12/elasticsearch
./bin/elasticsearch-reset-password --username elastic -i
#输入自定义密码,如:dddsoft

六、开启防火墙端口:9208

在 阿里云、腾讯云、宝塔面板 等后台,按需对外开放端口访问

七、启动Elasticsearch

cd /www_app/server/ELK-8.12/elasticsearch

#切换到刚新建的Elasticsearch专用用户
su es

#后台运行(注意:调试阶段就不要添加参数 -d 了)
./bin/elasticsearch -d

浏览器访问:https://106.52.67.xxx:9208

  • 输入账号:elastic
  • 输入密码:dddsoft

页面输出:

{
  "name": "es-node-1",
  "cluster_name": "elasticsearch",
  "cluster_uuid": "nJc1MxZqQouN1YdMVXA19g",
  "version": {
    "number": "8.12.2",
    "build_flavor": "default",
    "build_type": "tar",
    "build_hash": "48a287ab9497e852de30327444b0809e55d46466",
    "build_date": "2024-02-19T10:04:32.774273190Z",
    "build_snapshot": false,
    "lucene_version": "9.9.2",
    "minimum_wire_compatibility_version": "7.17.0",
    "minimum_index_compatibility_version": "7.0.0"
  },
  "tagline": "You Know, for Search"
}

 




【后记】工作中的一次配置:直接关闭了【Http安全证书】功能

kibana-8.12.2老是启动失败,报错,于是干脆关闭掉了“Http安全证书”这一功能,,省事!!!

[2024-05-19T22:36:25.197+08:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. self-signed certificate in certificate chain

1、配置文件:elasticsearch.yml

路径:/www_app/server/ELK-8.12/elasticsearch/config/elasticsearch.yml

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1

node.name: es-node-1

# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs

path.data: ./data
path.logs: ./logs

# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.host: 192.168.0.1
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
#
# For more information, consult the network module documentation.

network.host: 0.0.0.0
http.port: 9208

# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.

discovery.seed_hosts: ["127.0.0.1"]
cluster.initial_master_nodes: ["es-node-1"]

# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false


# 开启xpack安全认证功能
#【作用】访问“ES接口”和“Kibana后台”时,都需要输入账号和密码
xpack.security.enabled: true

# Elasticsearch节点之间的SSL认证
xpack.security.transport.ssl.enabled: true
# 设置SSL验证模式为证书模式
xpack.security.transport.ssl.verification_mode: certificate
# 要求客户端进行身份验证
xpack.security.transport.ssl.client_authentication: required
# 指定了证书库和信任库的路径,这里使用的是名为elastic-certificates.p12的证书文件
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

# HTTP接口的SSL认证(注意:关闭了此功能)
xpack.security.http.ssl.enabled: false
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12

2、配置文件:kibana.yml

路径:/www_app/server/ELK-8.12/kibana/config/kibana.yml

# For more configuration options see the configuration guide for Kibana in
# https://www.elastic.co/guide/index.html

# =================== System: Kibana Server ===================
# Kibana is served by a back end server. This setting specifies the port to use.

server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
#server.host: "localhost"

server.host: "0.0.0.0"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# Defaults to `false`.
#server.rewriteBasePath: false

# Specifies the public URL at which Kibana is available for end users. If
# `server.basePath` is configured this URL should end with the same basePath.
#server.publicBaseUrl: ""

# 浏览器中访问的基本域名地址,注意:不能以/结尾
server.publicBaseUrl: "http://106.52.67.xxx:5601"


# The maximum payload size in bytes for incoming server requests.
#server.maxPayload: 1048576

# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"

server.name: "kibana-1"

# =================== System: Kibana Server (Optional) ===================
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# =================== System: Elasticsearch ===================
# The URLs of the Elasticsearch instances to use for all your queries.
#elasticsearch.hosts: ["http://localhost:9200"]

elasticsearch.hosts: ["http://127.0.0.1:9208"]


# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
#elasticsearch.username: "kibana_system"
#elasticsearch.password: "pass"

elasticsearch.username: "kibana_system"
elasticsearch.password: "Qianyun@8642"

# Kibana can also authenticate to Elasticsearch via "service account tokens".
# Service account tokens are Bearer style tokens that replace the traditional username/password based configuration.
# Use this token instead of a username/password.
# elasticsearch.serviceAccountToken: "my_token"

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# The maximum number of sockets that can be used for communications with elasticsearch.
# Defaults to `Infinity`.
#elasticsearch.maxSockets: 1024

# Specifies whether Kibana should use compression for communications with elasticsearch
# Defaults to `false`.
#elasticsearch.compression: false

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# =================== System: Elasticsearch (Optional) ===================
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

#elasticsearch.ssl.certificateAuthorities: [ "config/elasticsearch-ca.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# =================== System: Logging ===================
# Set the value of this setting to off to suppress all logging output, or to debug to log everything. Defaults to 'info'
#logging.root.level: debug

# Enables you to specify a file where Kibana stores log output.
#logging.appenders.default:
#  type: file
#  fileName: /var/logs/kibana.log
#  layout:
#    type: json

# Logs queries sent to Elasticsearch.
#logging.loggers:
#  - name: elasticsearch.query
#    level: debug

# Logs http responses.
#logging.loggers:
#  - name: http.server.response
#    level: debug

# Logs system usage information.
#logging.loggers:
#  - name: metrics.ops
#    level: debug

# =================== System: Other ===================
# The path where Kibana stores persistent data not saved in Elasticsearch. Defaults to data
#path.data: data

# Specifies the path where Kibana creates the process ID file.
#pid.file: /run/kibana/kibana.pid

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000ms.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English (default) "en", Chinese "zh-CN", Japanese "ja-JP", French "fr-FR".
#i18n.locale: "en"

# 切换到中文面板
i18n.locale: "zh-CN"


# =================== Frequently used (Optional)===================

# =================== Saved Objects: Migrations ===================
# Saved object migrations run at startup. If you run into migration-related issues, you might need to adjust these settings.

# The number of documents migrated at a time.
# If Kibana can't start up or upgrade due to an Elasticsearch `circuit_breaking_exception`,
# use a smaller batchSize value to reduce the memory pressure. Defaults to 1000 objects per batch.
#migrations.batchSize: 1000

# The maximum payload size for indexing batches of upgraded saved objects.
# To avoid migrations failing due to a 413 Request Entity Too Large response from Elasticsearch.
# This value should be lower than or equal to your Elasticsearch cluster’s `http.max_content_length`
# configuration option. Default: 100mb
#migrations.maxBatchSizeBytes: 100mb

# The number of times to retry temporary migration failures. Increase the setting
# if migrations fail frequently with a message such as `Unable to complete the [...] step after
# 15 attempts, terminating`. Defaults to 15
#migrations.retryAttempts: 15

# =================== Search Autocomplete ===================
# Time in milliseconds to wait for autocomplete suggestions from Elasticsearch.
# This value must be a whole number greater than zero. Defaults to 1000ms
#unifiedSearch.autocomplete.valueSuggestions.timeout: 1000

# Maximum number of documents loaded by each shard to generate autocomplete suggestions.
# This value must be a whole number greater than zero. Defaults to 100_000
#unifiedSearch.autocomplete.valueSuggestions.terminateAfter: 100000

 

 

参考:

  1. elasticsearch 8 单机模式、kibana 自己安装试过
  2. Linux 安装 elasticsearch 8 单机安装
  3. Linux下Elasticsearch v8.2.3 体系的下载、安装 —— 各种报错及解决方案
  4. 跟龙叔学ES:Elasticsearch XPACK安全认证
  5. ES启动报错:the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
  6. 记录在Linux上单机elasticsearch 8.4.3 和 kibana 8.4.3