一:下载和解压JDK安装包
下载地址:https://mirrors.huaweicloud.com/openjdk/17/openjdk-17_linux-x64_bin.tar.gz
解压:tar -zxvf jdk-17_linux-x64_bin.tar.gz
二:配置JDK环境
编辑/etc/profile文件:
vi /etc/profile
JAVA_HOME=/opt/jdk/jdk-17
PATH=JAVA_HOME/bin:PATH
保存后执行source /etc/profile使配置生效
验证安装: java -version
三:安装elasticsearch-8.12.2
下载地址:
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.12.2-linux-x86_64.tar.gz
mkdir -p /opt/elasticsearch
cd /opt/elasticsearch
tar -zxvf elasticsearch-8.12.2-linux-x86_64.tar.gz
四:配置 Elasticsearch 集群
编辑elasticsearch-8.12.2/config/elasticsearch.yml文件
java
# 集群名称
cluster.name: my-es-cluster
node.name: node-1
node.roles: [master, data]
# 分别为数据和日志存储路径
path.data: /opt/elasticsearch/elasticsearch-8.12.2/data
path.logs: /opt/elasticsearch/elasticsearch-8.12.2/logs
# 设置为0.0.0.0表示允许所有 IP 访问
network.host: 0.0.0.0
# 为 HTTP 访问端口
http.port: 9200
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]
discovery.seed_hosts: ["192.168.29.18:9300", "192.168.29.19:9300", "192.168.29.20:9300"]
# 设置为true时,激活Elasticsearch集群的认证、授权、加密通信等安全功能
xpack.security.enabled: true
# 启用加密(true)禁用加密(false)
xpack.security.transport.ssl.enabled: true
# certificate-严格验证模式(推荐生产环境)none-仅启用SSL加密传输,但不验证证书的有效性
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /opt/elasticsearch/elasticsearch-8.12.2/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /opt/elasticsearch/elasticsearch-8.12.2/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.keystore.password: 123456 # 关键:需与生成证书时设置的密码一致
xpack.security.transport.ssl.truststore.password: 123456 # 通常与密钥库密码相同
# 禁用自动下载
ingest.geoip.downloader.enabled: false
xpack.ml.enabled: false四:创建证书
生成新的CA证书:
./bin/elasticsearch-certutil ca
直接回车键
输入密码:123456
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
#Please enter the desired output file [elastic-certificates.p12]:直接回车键
#Enter password for elastic-certificates.p12 :123456
五:把 elastic-certificates.p12 和 elastic-stack-ca.p12证书移到如下目录:
/opt/elasticsearch/elasticsearch-8.12.2/config/certs
mv elastic-certificates.p12 elastic-stack-ca.p12 config/certs
六:创建用户并设置权限
groupadd es
useradd -g es es
chown -R es:es elasticsearch-8.12.2
七:其他节点配置:
把整个elasticsearch目录copy到192.168.29.19和192.168.29.20机器,
创建用户并设置权限
八:启动 Elasticsearch 集群
su es
./bin/elasticsearch - d
九:验证集群状态
使用以下命令验证集群状态:
curl -u elastic -X GET "http://localhost:9200/_cluster/health?pretty"
输入elastic用户的密码,查看集群的健康状态等信息。如果集群健康状态为green或yellow,表示集群部署成功。
若未记录初始密码,如何重置 elastic 密码?
bin目录下:
./elasticsearch-reset-password -u elastic -b 123456
或
./elasticsearch-reset-password -u elastic -i
curl -u elastic:123456 "http://localhost:9200/_cluster/health?pretty" 验证成功
说明:
-u elastic:指定要重置密码的用户为 elastic。
-i:交互式输入新密码(也可省略 -i,直接在命令后加密码,如 ./elasticsearch-reset-password -u elastic -b "NewPassword123!",但不推荐明文暴露)。
按照提示输入新密码(需满足复杂度要求,如至少 6 位,包含大小写字母、数字等),重置成功后即可使用新密码登录。
es集群客户端下载地址:
https://github.com/lmenezes/cerebro/releases/download/v0.9.4/cerebro-0.9.4.zip(Windows)
https://github.com/lmenezes/cerebro/releases/download/v0.9.4/cerebro-0.9.4.tgz(Linux)
下一篇将记录cerebro如何使用,敬请期待....