Elasticsearch集群安装
Step 1:修改Elasticsearch目录属主和数组
$ chown -R elastic.elastic /opt/elasticsearch8
2.4.6 node01 节点启动单实例
Step 1:修改Elasticsearch配置文件
$ cp /opt/elasticsearch8/soft/elasticsearch-8.18.2/config/elasticsearch.yml{,.bak}
$ vim /opt/elasticsearch8/soft/elasticsearch-8.18.2/config/elasticsearch.yml
cluster.name: elastic-cluster
node.name: node01
path.data: /opt/elasticsearch8/data
path.logs: /opt/elasticsearch8/log
network.host: 0.0.0.0
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "Authorization, X-Requested-With, Content-Type, Content-Length"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
Step 2:启动Elasticsearch实例
$ su -c "/opt/elasticsearch8/soft/elasticsearch-8.18.2/bin/elasticsearch" elastic
提示:node01 启动完成,测试通过后,关闭该示例
2.4.5 node01 节点修改配置文件
$ cd /opt/elasticsearch8/soft/elasticsearch-8.18.2/config/
$ vim elasticsearch.yml
cluster.name: elastic-cluster
node.name: node01
path.data: /opt/elasticsearch8/data
path.logs: /opt/elasticsearch8/log
bootstrap.memory_lock: true # 锁定JVM内存页,避免操作系统交换(Swap),提升性能。
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["node01", "node02", "node03"] # 指定elasticsearch集群节点
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "Authorization, X-Requested-With, Content-Type, Content-Length"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
xpack.security.enabled: true # 启用安全功能(认证、授权、审计)
xpack.security.enrollment.enabled: true # 允许通过API自动注册节点证书,简化证书管理
xpack.security.http.ssl:
enabled: true # # 启用HTTP层TLS加密
keystore.path: certs/http.p12 # HTTP服务证书存储路径
xpack.security.transport.ssl:
enabled: true # # 启用节点间加密通信
verification_mode: certificate # 仅验证证书有效性,不校验主机名
keystore.path: certs/transport.p12 # 节点身份证书存储路径
truststore.path: certs/transport.p12 # 节点信任证书存储路径
cluster.initial_master_nodes: ["node01"] # 指定elasticsearch集群初始化master节点,仅首次启动时有效,后续由选举机制动态调整。
ingest.geoip.downloader.enabled: false # 禁用GeoIP数据库自动下载。若需地理位置分析(如IP定位),需手动配置数据库路径并定期更新
$ cd /opt/elasticsearch8/soft/elasticsearch-8.18.2/bin/
$ su -c "./elasticsearch" elastic
2.5.6 node01 节点生成其他节点加入集群 Token 值
$ cd /opt/elasticsearch8/soft/elasticsearch-8.18.2/bin/
$ ./elasticsearch-create-enrollment-token -s node # 生成新节点加入安全集群的临时注册令牌;默认有效期30分钟;新节点启动时通过 --enrollment-token 参数使用该令牌,即可自动完成与现有集群的安全认证和配置同步。
2.5.7 node02 加入 node01 集群
Step 1:node01修改配置文件
$ cd /opt/elasticsearch8/soft/elasticsearch-8.18.2/config
$ cp elasticsearch.yml{,.bak}
$ vim elasticsearch.yml
cluster.name: elastic-cluster
node.name: node02
path.data: /opt/elasticsearch8/data
path.logs: /opt/elasticsearch8/log
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
ingest.geoip.downloader.enabled: false
Step 2:切换工作目录
$ cd /opt/elasticsearch8/soft/elasticsearch-8.18.2/bin/
Step 3:加入node01集群
$ su -c "./elasticsearch --enrollment-token eyJ2ZXIiOiI4LjE0LjAiLCJhZHIiOlsiMTkyLjE2OC4xNzQuMTQwOjkyMDAiXSwiZmdyIjoiYTczNjNlMTEzZjZkZGU0NDkyZjhlZWEzNmFjY2JhYmEzODMyNjkwZjQwNzBiYTU1MGJjYzVkMDVhNDAzODQ1MyIsImtleSI6ImNZMjJvWmNCMlBUczhpeWRnX3gtOlJYZWxGdXQ1a015N0xydDA3LTY0blEifQ==" elastic
2.5.8 node03 加入 node01 集群
Step 1:node01修改配置文件
$ cd /opt/elasticsearch8/soft/elasticsearch-8.18.2/config
$ cp elasticsearch.yml{,.bak}
$ vim elasticsearch.yml
cluster.name: elastic-cluster
node.name: node03
path.data: /opt/elasticsearch8/data
path.logs: /opt/elasticsearch8/log
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
ingest.geoip.downloader.enabled: false
Step 2:切换工作目录
$ cd /opt/elasticsearch8/soft/elasticsearch-8.18.2/bin/
Step 3:加入node01集群
$ su -c "./elasticsearch --enrollment-token eyJ2ZXIiOiI4LjE0LjAiLCJhZHIiOlsiMTkyLjE2OC4xNzQuMTQwOjkyMDAiXSwiZmdyIjoiYTczNjNlMTEzZjZkZGU0NDkyZjhlZWEzNmFjY2JhYmEzODMyNjkwZjQwNzBiYTU1MGJjYzVkMDVhNDAzODQ1MyIsImtleSI6ImNZMjJvWmNCMlBUczhpeWRnX3gtOlJYZWxGdXQ1a015N0xydDA3LTY0blEifQ==" elastic
2.5.9 Elasticsearch Head 插件测试
Step 1:node01重置密码
$ cd /opt/elasticsearch8/soft/elasticsearch-8.18.2/bin/
$ ./elasticsearch-reset-password -u elastic -i
2.5.10 Kibana 连接 Elasticsearch 集群
Step 1:下载Kibana安装包
$ wget https://artifacts.elastic.co/downloads/kibana/kibana-8.18.2-linux-x86_64.tar.gz
Step 2:解压安装包至指定目录
$ mkdir /opt/kibana
$ tar xf kibana-8.18.2-linux-x86_64.tar.gz -C /opt/kibana/
Step 3:切换工作目录
$ cd /opt/kibana/kibana-8.18.2/
Steo 4:拷贝Elasticsearch证书文件到配置文件目录
$ cp ~/elasticsearch-ca.pem /opt/kibana/kibana-8.18.2/config/
Step 5:生成Kibana加密秘钥
$ cd /opt/kibana/kibana-8.18.2/bin/
$ ./kibana-encryption-keys generate # 生成 Kibana 加密密钥
Kibana is currently running with legacy OpenSSL providers enabled! For details and instructions on how to disable see https://www.elastic.co/guide/en/kibana/8.19/production.html#openssl-legacy-provider
Kibana Encryption Key Generation Utility
The 'generate' command guides you through the process of setting encryption keys for:
xpack.encryptedSavedObjects.encryptionKey
Used to encrypt stored objects such as dashboards and visualizations
xpack.reporting.encryptionKey
Used to encrypt saved reports
https://www.elastic.co/guide/en/kibana/current/reporting-settings-kb.html#general-reporting-settings
xpack.security.encryptionKey
Used to encrypt session information
Already defined settings are ignored and can be regenerated using the --force flag. Check the documentation links for instructions on how to rotate encryption keys.
Definitions should be set in the kibana.yml used configure Kibana.
Settings:
xpack.encryptedSavedObjects.encryptionKey: 4f2b237b2eb3da3c2298589e6dcdeb03 # 防止未授权用户篡改或查看保存的 Kibana 对象
xpack.reporting.encryptionKey: 01d610e04b1afe164a705223a562f57d # 确保报告内容在存储和传输中不被窃取
xpack.security.encryptionKey: 2c3fedfa18edac2c1869e17a6802f86c # 保护用户会话 Cookie,防止会话劫持
Step 6:修改配置文件
$ cp config/kibana.yml{,.bak}
$ vim config/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
server.name: "elastic-cluster"
i18n.locale: "zh-CN"
xpack.encryptedSavedObjects.encryptionKey: "4f2b237b2eb3da3c2298589e6dcdeb03"
Step 7:创建Kibana用户
$ useradd kibana
Step 8:修改Kibana属主和数组
$ chown -R kibana.kibana /opt/kibana/
Step 9:启动Kibana
$ cd /opt/kibana/kibana-8.18.2/bin/
$ nohup su -c "./kibana" kibana &
$ tail -f nohup.out
Step 1:node01生成Kibana加入Token值
$ cd /opt/elasticsearch8/soft/elasticsearch-8.18.2/bin/
$ ./elasticsearch-create-enrollment-token -s kibana
Step 1:Kibana获取验证码
$ cd /opt/kibana/kibana-8.18.2/bin/
$ ./kibana-verification-code