一、环境说明
三台云服务器,openEuler或Ubuntu均可,且已关闭防火墙和SELinux,私有IP地址址如下:
172.18.18.110、172.18.18.120、172.18.18.130
二、物料准备
以下以elasticsearch-8.14.0为例,若需要配置更新版本,将8.14.0替换为更新版本号即可,且三个版本必须完全相同。
2.1 下载安装包
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.14.0-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/kibana/kibana-8.14.0-linux-x86_64.tar.gz
wget https://get.infini.cloud/elasticsearch/analysis-ik/8.14.0 # 此处下载下来的文件没有扩展名,其实是zip格式文件,需自行修改添加zip扩展名,命令为mv 8.14.0 analysis-ik-8.14.0.zip三、配置elasticsearch服务
3.1 修改系统配置
以下3.1和3.2节的操作要求用root用户身份完成
3.1.1 在文件末尾添加下面的参数值
bash
# echo "* soft nofile 65536" >> /etc/security/limits.conf && echo "* hard nofile 131072" >> /etc/security/limits.conf
# echo "* soft memlock unlimited" >> /etc/security/limits.conf && echo "* hard memlock unlimited" >> /etc/security/limits.conf
# echo "vm.max_map_count=655360" >> /etc/sysctl.conf3.1.2 加载配置使更改生效
bash
# sysctl -p3.2 创建安装目录和用户
以root用户身份在三台服务器上创建安装目录/usr/local/elasticsearch,同时创建普通用户es用于配置elasticsearch。
3.2.1 创建目录,并添加新用户
bash
# groupadd es && mkdir /usr/local/elasticsearch && useradd -m -g es -d /home/es -s /bin/bash es && chown -R es:es /usr/local/elasticsearch3.2.2 为新用户指定密码
密码请自行设定
bash
# passwd es3. 3 以es普通用户身份配置elasticsearch
注:以下操作要求以普通用户es身份执行。
3.3.1 上传安装包
将准备好的安装包上传到三台服务器的安装目录/usr/local/elasticsearch
(1)172.18.18.110上传包:
bash
$ scp elasticsearch-8.14.0-linux-x86_64.tar.gz analysis-ik.8.14.0.tar.gz kibana-8.14.0-linux-x86_64.tar.gz es@172.18.18.110:/usr/local/elasticsearch(2)172.18.18.120 上传包
bash
$ scp elasticsearch-8.14.0-linux-x86_64.tar.gz analysis-ik.8.14.0.tar.gz es@172.18.18.120:/usr/local/elasticsearch(3)172.18.18.130 上传包
bash
$ scp elasticsearch-8.14.0-linux-x86_64.tar.gz analysis-ik.8.14.0.tar.gz es@172.18.18.130:/usr/local/elasticsearch然后在三台服务器中分别解压安装包,命令如下:
bash
$ tar -xzf elasticsearch-8.14.0-linux-x86_64.tar.gz
$ tar -xzf kibana-8.14.0-linux-x86_64.tar.gz
$ unzip analysis-ik-8.14.0.zip -d analysis-ik-8.14.03.3.2 配置环境变量
三台服务器依次复制解压的ik插件到elasticsearch插件目录,然后配置环境变量
bash
# 复制目录文件
$ cp -r analysis-ik-8.14.0 /usr/local/elasticsearch/elasticsearch-8.14.0/plugins/
# 配置环境变量
$ echo "export PATH=\$PATH:/usr/local/elasticsearch/elasticsearch-8.14.0/jdk/bin" >> .bash_profile
# 使环境变量生效
$ source ~/.bash_profile3.3.3 创建数据和日志目录
在三台服务器上依次创建data和日志目录:
bash
$ mkdir -p /usr/local/elasticsearch/elasticsearch-8.14.0/data && mkdir -p /usr/local/elasticsearch/elasticsearch-8.14.0/logs3.3.4 生成并分发证书文件
(1)在1172.18.18.110生成证书文件并移动到指定配置目录,然后分发到另外两台机器
bash
$ /usr/local/elasticsearch/elasticsearch-8.14.0/bin/elasticsearch-certutil ca
$ /usr/local/elasticsearch/elasticsearch-8.14.0/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12注:提示输入时直接回车,不用指定密码!
(2)创建证书目录并移动证书文件到该目录下
bash
$ mkdir -p /usr/local/elasticsearch/elasticsearch-8.14.0/config/certs && mv /usr/local/elasticsearch/elasticsearch-8.14.0/*.p12 /usr/local/elasticsearch/elasticsearch-8.14.0/config/certs/(3)分发证书到另外两台服务器
bash
$ scp -r /usr/local/elasticsearch/elasticsearch-8.14.0/config/certs/ es@172.18.18.120:/usr/local/elasticsearch/elasticsearch-8.14.0/config/
$ scp -r /usr/local/elasticsearch/elasticsearch-8.14.0/config/certs/ es@172.18.18.130:/usr/local/elasticsearch/elasticsearch-8.14.0/config/3.3.5 修改elasticsearch的jvm配置
根据官方建议,将堆内存大小设置为总内存的50%,以下以设置为2G为例。
bash
$ vim /usr/local/elasticsearch/elasticsearch-8.14.0/config/jvm.options
-Xms2g
-Xmx2g3.3.6 修改elasticsearch配置文件elasticsearch.yml
bash
$ vim /usr/local/elasticsearch/elasticsearch-8.14.0/config/elasticsearch.yml可将三台服务器的elasticsearch.yml配置文件清空,然后分别配置成以下内容
(1)172.18.18.110服务器的配置文件内容
bash
cluster.name: es-cls
node.name: node1
node.roles: [master, data]
path.data: /usr/local/elasticsearch/elasticsearch-8.14.0/data
path.logs: /usr/local/elasticsearch/elasticsearch-8.14.0/logs
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
discovery.seed_hosts: ["172.18.18.110:9300", "172.18.18.120:9300", "172.18.18.130:9300"]
cluster.initial_master_nodes: ["node1", "node2", "node3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch/elasticsearch-8.14.0/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch/elasticsearch-8.14.0/config/certs/elastic-certificates.p12(2)172.18.18.120服务器的配置文件内容
bash
cluster.name: es-cls
node.name: node2
node.roles: [master, data]
path.data: /usr/local/elasticsearch/elasticsearch-8.14.0/data
path.logs: /usr/local/elasticsearch/elasticsearch-8.14.0/logs
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
discovery.seed_hosts: ["172.18.18.110:9300", "172.18.18.120:9300", "172.18.18.130:9300"]
cluster.initial_master_nodes: ["node1", "node2" ,"node3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch/elasticsearch-8.14.0/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch/elasticsearch-8.14.0/config/certs/elastic-certificates.p12(3)172.18.18.130服务器的配置文件内容
bash
cluster.name: es-cls
node.name: node3
node.roles: [master, data]
path.data: /usr/local/elasticsearch/elasticsearch-8.14.0/data
path.logs: /usr/local/elasticsearch/elasticsearch-8.14.0/logs
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
discovery.seed_hosts: ["172.18.18.110:9300", "172.18.18.120:9300", "172.18.18.130:9300"]
cluster.initial_master_nodes: ["node1", "node2" ,"node3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch/elasticsearch-8.14.0/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch/elasticsearch-8.14.0/config/certs/elastic-certificates.p123.3.7 启动elasticsearch服务
依次启动服务(以后台方式运行):
bash
$ /usr/local/elasticsearch/elasticsearch-8.14.0/bin/elasticsearch -d3.3.8 修改内置账户密码
三台服务器的es服务都启动完成后,建议修改内置账户密码 ,在任意一台机器上修改即可:
bash
$ /usr/local/elasticsearch/elasticsearch-8.14.0/bin/elasticsearch-setup-passwords interactive按提示依次输入各个账户密码,为方便维护,建议设置成相同的,这里以设置为es123456为例
3.3.9 添加自定义账号
使用内置的用户elastic添加自定义账号testadmin,角色为超级管理员:superuser,密码为:es123456,该操作在任意一台服务器上操作即可。
这里使用curl命令调用添加,命令如下:
bash
$ curl -u elastic:es123456 -X POST "1172.18.18.1109200/_security/user/testadmin?pretty" -H 'Content-Type: application/json' -d \
'{"password":"es123456","roles":["superuser"],"full_name":"testadmin","email":"testadmin@mail.com","metadata":{"intelligence":7}}'3.3.10 自定义账号调用查询验证
使用刚刚添加的用户查询集群健康状况:
bash
$ curl -u testadmin:es123456 http://172.18.18.130:9200/_cluster/health集群健康状况返回结果内容示例如下:
bash
{
"cluster_name": "es-cls",
"status": "green",
"timed_out": false,
"number_of_nodes": 3,
"number_of_data_nodes": 3,
"active_primary_shards": 33,
"active_shards": 66,
"relocating_shards": 0,
"initializing_shards": 0,
"unassigned_shards": 0,
"delayed_unassigned_shards": 0,
"number_of_pending_tasks": 0,
"number_of_in_flight_fetch": 0,
"task_max_waiting_in_queue_millis": 0,
"active_shards_percent_as_number": 100.0
}3.3.11 新增自定义角色custom_admin
bash
$ curl -u testadmin:es123456 -X PUT "http://172.18.18.130:9200/_security/role/custom_admin" -H 'Content-Type: application/json' -d '{
"cluster": ["all"],
"indices": [
{
"names": ["*"],
"privileges": ["all"],
"allow_restricted_indices": true
}
],
"applications": [
{
"application": "*",
"privileges": ["*"],
"resources": ["*"]
}
]
}'3.3.12 为testadmin用户分配新角色
bash
$ curl -u testadmin:es123456 -X PUT "http://172.19.95.143:9200/_security/user/mhyxadmin" -H 'Content-Type: application/json' -d '{"roles": ["custom_admin"] }'3.3.13 使用testadmin用户进行中文分词验证
bash
$ curl -u testadmin:es123456 -X POST "http://172.18.18.130:9200/_analyze" -H 'Content-Type: application/json' -d '{"analyzer": "ik_max_word","text":"elasticsearch分词插件ik验证"}'输出示例如下:
bash
{
"tokens": [{
"token": "elasticsearch",
"start_offset": 0,
"end_offset": 13,
"type": "ENGLISH",
"position": 0
}, {
"token": "分词",
"start_offset": 13,
"end_offset": 15,
"type": "CN_WORD",
"position": 1
}, {
"token": "插件",
"start_offset": 15,
"end_offset": 17,
"type": "CN_WORD",
"position": 2
}, {
"token": "ik",
"start_offset": 17,
"end_offset": 19,
"type": "ENGLISH",
"position": 3
}, {
"token": "验证",
"start_offset": 19,
"end_offset": 21,
"type": "CN_WORD",
"position": 4
}]
}3.3.14 查看所有索引的状态
bash
$ curl -u testadmin:es123456 '172.18.18.120:9200/_cat/indices?v'输出内容示例如下:
bash
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size dataset.size
green open .internal.alerts-transform.health.alerts-default-000001 vTG_2TIuQZS7GtbAG6ttNw 1 1 0 0 498b 249b 249b
green open .internal.alerts-observability.logs.alerts-default-000001 5UENf1JfQYeo1IEp5tsF7g 1 1 0 0 498b 249b 249b
green open .internal.alerts-observability.uptime.alerts-default-000001 4kSVv9Q0Q4GDKwBhI8cZ6w 1 1 0 0 498b 249b 249b
green open .internal.alerts-ml.anomaly-detection.alerts-default-000001 Xo5HZgNcQ5ezif_mrmVgSA 1 1 0 0 498b 249b 249b
green open .internal.alerts-observability.slo.alerts-default-000001 FZWhIj-pS0KHYO5Se8XKtg 1 1 0 0 498b 249b 249b
green open .internal.alerts-default.alerts-default-000001 n7IGI5VPTUW09ooRPntJbw 1 1 0 0 498b 249b 249b
green open .internal.alerts-observability.apm.alerts-default-000001 MByKZV5OQzmaA6ADD9O9sQ 1 1 0 0 498b 249b 249b
green open .internal.alerts-observability.metrics.alerts-default-000001 qWSUZCxeSpWC9-RPDuHNhQ 1 1 0 0 498b 249b 249b
green open .kibana-observability-ai-assistant-conversations-000001 KFnsvVLLRp2AFm9W0f156w 1 1 0 0 498b 249b 249b
green open .internal.alerts-ml.anomaly-detection-health.alerts-default-000001 WictcRmjR9-RtjeL4L2yYQ 1 1 0 0 498b 249b 249b
green open .internal.alerts-observability.threshold.alerts-default-000001 wTb0lkiJRneSCJQ-RtpHyw 1 1 0 0 498b 249b 249b
green open .kibana-observability-ai-assistant-kb-000001 fgJLxqEES2m2aDVUYbO_rQ 1 1 0 0 498b 249b 249b
green open .internal.alerts-security.alerts-default-000001 KtbNo4t0TiG-ZBO2_llj8A 1 1 0 0 498b 249b 249b
green open test_index Ny4nZxGUQyiAvX3iFa7kBg 1 1 0 0 498b 249b 249b
green open .internal.alerts-stack.alerts-default-000001 csCnN52uTJCYR5EtnQcdJg 1 1 0 0 498b 249b 249b四、配置kibana
以下操作也要求使用普通普用es进行配置
4.1 修改配置文件kibana.yml
在172.18.18.110服务器,进入kibana-8.14.0/config目录,可清空kibana.yml文件内容,添加如下内容:
bash
server.port: 5601
server.host: "172.18.18.110
server.name: "myKibana"
elasticsearch.hosts: ["http://172.18.18.110:9200", "http://172.18.18.120:9200", "http://172.18.18.130:9200"]
elasticsearch.username: "testadmin"
elasticsearch.password: "es123456"
pid.file: /usr/local/elasticsearch/kibana-8.14.0/kibana.pid
i18n.locale: "zh-CN"4.2 启动 kibana
bash
$ nohup /usr/local/elasticsearch/kibana-8.14.0-linux-x86_64/bin/kibana &4.3 配置安全组(可选)
若采用云服务器,这里还要配置安全组,放行TCP 5601端口和9200端口。若用虚拟机,此步骤可跳过。
4.4 访问验证
访问以下URL,使用自定义的testadmin用户登录,其中x.x.x.x为云服务器172.18.18.110的弹性IP或者该虚拟机IP地址。
访问以下URL,查看所有用户,其中x.x.x.x为云服务器172.18.18.110的弹性IP或者该虚拟机IP地址。
http://x.x.x.x:5601/app/management/security/users
五、参考文献
1\] [https://www.cnblogs.com/dawnlz/p/18262874](https://www.cnblogs.com/dawnlz/p/18262874 "https://www.cnblogs.com/dawnlz/p/18262874") \[2\] [https://www.elastic.co/docs/deploy-manage/deploy/self-managed/install-elasticsearch-from-archive-on-linux-macos#stack-security-certificates](https://www.elastic.co/docs/deploy-manage/deploy/self-managed/install-elasticsearch-from-archive-on-linux-macos#stack-security-certificates "https://www.elastic.co/docs/deploy-manage/deploy/self-managed/install-elasticsearch-from-archive-on-linux-macos#stack-security-certificates")