🌟 一文掌握 《Elasticsearch：8.0 》

一、搭建《Elasticsearch：8.0 》集群 (Linux版)

1.1 准备三台centos、IP分别为129、131、132

1.2 安装 JDK 17

centos7：安装jdk详细步骤

es要求进程最大打开文件数数量为最低65536，每台都执行：

vi /etc/security/limits.conf

* soft nofile 65536 
* hard nofile 65536

修改/etc/sysctl.conf文件

vi /etc/sysctl.conf

vm.max_map_count = 262144

刷新配置

sysctl -p

1.3 下载elasticsearch-8.9.0

下载安装包

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.9.0-linux-x86_64.tar.gz

解压

tar -zxvf elasticsearch-8.9.0-linux-x86_64.tar.gz

1.4 创建as用户（es默认情况下不允许拥root用户运行）

useradd as

passwd as

①新建数据文件夹

mkdir /java/elasticsearch/elasticsearch-8.9.0/data

②新建证书文件夹

mkdir /java/elasticsearch/elasticsearch-8.9.0/config/certs

③更改文件拥有者

chown -R as:as /java/elasticsearch/elasticsearch-8.9.0

④切换到es用户

su as

cd /java/elasticsearch/elasticsearch-8.9.0/bin/

⑤签发 ca 证书

./elasticsearch-certutil ca

⑥用 ca 证书签发节点证书

./elasticsearch-certutil cert --ca elastic-stack-ca.p12

⑦将生成的证书移动到证书文件夹中

mv /java/elasticsearch/elasticsearch-8.9.0/elastic-stack-ca.p12 /java/elasticsearch/elasticsearch-8.9.0/config/certs/

1.5 在centos:129 签发htttp证书

cd /java/elasticsearch/elasticsearch-8.9.0/bin/

./elasticsearch-certutil http

查看证书的位置，解压并移动到证书的文件夹中

cd ..

unzip elasticsearch-ssl-http.zip

mv /java/elasticsearch/elasticsearch-8.9.0/elasticsearch/http.p12 /java/elasticsearch/elasticsearch-8.9.0/config/certs/

修改config/elasticsearch.yml文件：在文末加入如下配置

# 设置 ES 集群名称
cluster.name: es-study
# 设置集群中当前节点名称
node.name: node1
# 节点属性
node.roles: [master,data]
# 设置数据，日志文件路径
path.data: /java/elasticsearch/elasticsearch-8.9.0/data
path.logs: /java/elasticsearch/elasticsearch-8.9.0/logs
# 设置网络访问节点
# network和端口号一定要配置，如果怕安全问题，把host设置成访问此elasticsearch服务器的ip地址，就是设置成唯一访问。 可以配置成 network.host: 0.0.0.0
network.host: 192.168.118.129
# 设置网络访问端口
http.port: 9200
discovery.seed_hosts:
  - 192.168.118.129
  - 192.168.118.131
  - 192.168.118.132
cluster.initial_master_nodes:
  - node1
  - node2
  - node3
# 安全认证
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
 enabled: true # 注意第一个空格
 keystore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/http.p12
 truststore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/http.p12
xpack.security.transport.ssl:
 enabled: true
 verification_mode: certificate
 keystore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/elastic-stack-ca.p12
 truststore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/elastic-stack-ca.p12
http.host: [_local_, _site_]
ingest.geoip.downloader.enabled: false
xpack.security.http.ssl.client_authentication: none

1.6 启动centos:129 es

cd bin/

./elasticsearch

1.7 在浏览器输入地址：

https://192.168.118.129:9200/

1.7 启动centos:131 es

需要创建用户、修改内存配置、新建data、certs文件夹，更上面的操作一样，再执行一次即可

将centos:129的证书下载，然后传到centos:131对应的文件夹下

修改elasticsearch.yml配置类

cluster.name: es-study
# 设置集群中当前节点名称
node.name: node2
# 节点属性
node.roles: [master,data]
# 设置数据，日志文件路径
path.data: /java/elasticsearch/elasticsearch-8.9.0/data
path.logs: /java/elasticsearch/elasticsearch-8.9.0/logs
# 设置网络访问节点
# network和端口号一定要配置，如果怕安全问题，把host设置成访问此elasticsearch服务器的ip地址，就是设置成唯一访问。 可以配置成 network.host: 0.0.0.0
network.host: 192.168.118.131
# 设置网络访问端口
http.port: 9200
discovery.seed_hosts:
  - 192.168.118.129
  - 192.168.118.131
  - 192.168.118.132
cluster.initial_master_nodes:
  - node1
  - node2
  - node3
# 安全认证
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
 enabled: true # 注意第一个空格
 keystore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/http.p12
 truststore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/http.p12
xpack.security.transport.ssl:
 enabled: true
 verification_mode: certificate
 keystore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/elastic-stack-ca.p12
 truststore.path: /java/elasticsearch/elasticsearch-8.9.0/config/certs/elastic-stack-ca.p12
http.host: [_local_, _site_]
ingest.geoip.downloader.enabled: false
xpack.security.http.ssl.client_authentication: none

启动es

./elasticsearch