一、搭建《Elasticsearch:8.0 》集群 (Linux版)
1.1 准备三台centos、IP分别为129、131、132
1.2 安装 JDK 17
es要求进程最大打开文件数数量为最低65536,每台都执行:
vi /etc/security/limits.conf
linux
* soft nofile 65536
* hard nofile 65536
修改/etc/sysctl.conf文件
vi /etc/sysctl.conf
linux
vm.max_map_count = 262144
刷新配置
sysctl -p
1.3 下载elasticsearch-8.9.0
下载安装包
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.9.0-linux-x86_64.tar.gz
解压
tar -zxvf elasticsearch-8.9.0-linux-x86_64.tar.gz
1.4 创建as用户(es默认情况下不允许拥root用户运行)
useradd as
passwd as
①新建数据文件夹
mkdir /java/elasticsearch/elasticsearch-8.9.0/data
②新建证书文件夹
mkdir /java/elasticsearch/elasticsearch-8.9.0/config/certs
③更改文件拥有者
chown -R as:as /java/elasticsearch/elasticsearch-8.9.0
④切换到es用户
su as
cd /java/elasticsearch/elasticsearch-8.9.0/bin/
⑤签发 ca 证书
./elasticsearch-certutil ca
⑥用 ca 证书签发节点证书
./elasticsearch-certutil cert --ca elastic-stack-ca.p12
⑦将生成的证书移动到证书文件夹中
mv /java/elasticsearch/elasticsearch-8.9.0/elastic-stack-ca.p12 /java/elasticsearch/elasticsearch-8.9.0/config/certs/
1.5 在centos:129 签发htttp证书
cd /java/elasticsearch/elasticsearch-8.9.0/bin/
./elasticsearch-certutil http
查看证书的位置,解压并移动到证书的文件夹中
cd ..
unzip elasticsearch-ssl-http.zip
mv /java/elasticsearch/elasticsearch-8.9.0/elasticsearch/http.p12 /java/elasticsearch/elasticsearch-8.9.0/config/certs/
修改config/elasticsearch.yml文件:在文末加入如下配置
linux
# 设置 ES 集群名称
cluster.name: es-study
# 设置集群中当前节点名称
node.name: node1
# 节点属性
node.roles: [master,data]
# 设置数据,日志文件路径
path.data: /java/elasticsearch/elasticsearch-8.9.0/data
path.logs: /java/elasticsearch/elasticsearch-8.9.0/logs
# 设置网络访问节点
# network和端口号一定要配置,如果怕安全问题,把host设置成访问此elasticsearch服务器的ip地址,就是设置成唯一访问。 可以配置成 network.host: 0.0.0.0
network.host: 192.168.118.129
# 设置网络访问端口
http.port: 9200
discovery.seed_hosts:
- 192.168.118.129
- 192.168.118.131
- 192.168.118.132
cluster.initial_master_nodes:
- node1
- node2
- node3
# 安全认证
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
enabled: true # 注意第一个空格
keystore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/http.p12
truststore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/http.p12
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/elastic-stack-ca.p12
truststore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/elastic-stack-ca.p12
http.host: [_local_, _site_]
ingest.geoip.downloader.enabled: false
xpack.security.http.ssl.client_authentication: none
1.6 启动centos:129 es
cd bin/
./elasticsearch
1.7 在浏览器输入地址:
https://192.168.118.129:9200/
1.7 启动centos:131 es
需要创建用户、修改内存配置、新建data、certs文件夹,更上面的操作一样,再执行一次即可
将centos:129的证书下载,然后传到centos:131对应的文件夹下
修改elasticsearch.yml配置类
linux
cluster.name: es-study
# 设置集群中当前节点名称
node.name: node2
# 节点属性
node.roles: [master,data]
# 设置数据,日志文件路径
path.data: /java/elasticsearch/elasticsearch-8.9.0/data
path.logs: /java/elasticsearch/elasticsearch-8.9.0/logs
# 设置网络访问节点
# network和端口号一定要配置,如果怕安全问题,把host设置成访问此elasticsearch服务器的ip地址,就是设置成唯一访问。 可以配置成 network.host: 0.0.0.0
network.host: 192.168.118.131
# 设置网络访问端口
http.port: 9200
discovery.seed_hosts:
- 192.168.118.129
- 192.168.118.131
- 192.168.118.132
cluster.initial_master_nodes:
- node1
- node2
- node3
# 安全认证
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
enabled: true # 注意第一个空格
keystore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/http.p12
truststore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/http.p12
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/elastic-stack-ca.p12
truststore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/elastic-stack-ca.p12
http.host: [_local_, _site_]
ingest.geoip.downloader.enabled: false
xpack.security.http.ssl.client_authentication: none
启动es
./elasticsearch