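Elasticsearch single-node installation
For security, Elasticsearch should require a password and HTTPS for login. Below is the procedure for installing a single-node Elasticsearch and enabling passwords, provided for reference only.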
System configuration
- 1. Configure ulimit and max_map_count; otherwise startup fails with the error
max file descriptors [4096] for elasticsearch process is too low
ulimit -n 65536
sudo cat /etc/rc.d/rc.local | grep ulimit | grep 65536 || sudo bash -c "echo 'ulimit -n 65536' >> /etc/rc.d/rc.local"
sudo \cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
sudo /usr/sbin/ntpdate -u ntp.aliyun.com
sudo cat /etc/sysctl.conf | grep max_map_count || sudo bash -c "echo 'vm.max_map_count=655360' >> /etc/sysctl.conf"
sudo sysctl -p
Single-node Elasticsearch installation
- 2. Extract the Elasticsearch package
cd /opt/
wget -c http://iso.sqlfans.cn/linux/elasticsearch-7.10.1-linux-x86_64.tar.gz
tar -xvf elasticsearch-7.10.1-linux-x86_64.tar.gz -C /data > /dev/null
mv /data/elasticsearch-7.10.1 /data/elasticsearch_9200
mkdir -p /data/elasticsearch_9200/{config/certs,data,snapshot}
- 3. Create the Elasticsearch configuration file, assuming the local IP is 10.30.3.234
ip=10.30.3.234
cat >/data/elasticsearch_9200/config/elasticsearch.yml<<EOF
cluster.name: es
node.name: es-node-1
path.data: /data/elasticsearch_9200/data
path.logs: /data/elasticsearch_9200/logs
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
network.publish_host: ${ip}
cluster.initial_master_nodes: ["es-node-1"]
reindex.remote.whitelist: ${ip}:9200
indices.query.bool.max_clause_count: 10000000
http.max_content_length: 2000mb
http.max_header_size: 1024k
http.max_initial_line_length: 1024k
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
- 4. Start Elasticsearch (password and HTTPS not yet enabled)
#. Elasticsearch cannot be started as root
cat /etc/passwd | grep esuser > /dev/null || useradd -M -s /sbin/nologin esuser
chown -R esuser:esuser /data/elasticsearch_9200
sudo -u esuser /data/elasticsearch_9200/bin/elasticsearch -d
sleep 20 && netstat -lnpt | egrep "(9200|9300)"
/data/elasticsearch_9200/bin/elasticsearch --version
- 5. Adjust the JVM maximum heap size; 16g is recommended
cat /data/elasticsearch_9200/config/jvm.options | grep "^\-Xm"
- 6. Add startup on boot
cat /etc/rc.local | grep elasticsearch || echo "sudo -u esuser /data/elasticsearch_9200/bin/elasticsearch -d" >> /etc/rc.local
- 7. Check the node status and create an index
#. Check the node status and create an index
curl -XGET 'http://127.0.0.1:9200/_cat/nodes?pretty'
curl -i -XGET 'http://127.0.0.1:9200/_cluster/health?pretty'
curl -X PUT http://127.0.0.1:9200/test_index_1
curl 'http://127.0.0.1:9200/_cat/indices?v'
Enabling passwords and HTTPS
Steps to enable passwords
- 8. Enable X-Pack authentication (passwords enabled, SSL not enabled)
sed -i '/^xpack/d' /data/elasticsearch_9200/config/elasticsearch.yml
sudo bash -c "echo 'xpack.security.enabled: true' >> /data/elasticsearch_9200/config/elasticsearch.yml"
sudo bash -c "echo 'xpack.security.transport.ssl.enabled: true' >> /data/elasticsearch_9200/config/elasticsearch.yml"
sudo bash -c "echo 'xpack.license.self_generated.type: basic' >> /data/elasticsearch_9200/config/elasticsearch.yml"
cat /data/elasticsearch_9200/config/elasticsearch.yml | grep xpack
- 9. Restart the Elasticsearch service so that X-Pack takes effect
ps -ef | grep elasticsearch | grep -v grep | awk '{print $2}' | xargs kill -9 2> /dev/null
sudo -u esuser /data/elasticsearch_9200/bin/elasticsearch -d
sleep 20 && netstat -lnpt | egrep "(9200|9300)"
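- 10. Enable password login; run these commands one line at a time
cd /data/elasticsearch_9200/
./bin/elasticsearch-setup-passwords auto #. Enter y; the auto-generated passwords need not be recorded, they are reset below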
./bin/elasticsearch-users useradd temp -p Admin_147 -r superuser
curl -H "Content-Type:application/json" -XPOST -u temp:Admin_147 'http://127.0.0.1:9200/_xpack/security/user/elastic/_password' -d '{ "password" : "Admin_147" }'
./bin/elasticsearch-users userdel temp
- 11. Check the node status and create an index
#. Check the node status and create an index
curl -XGET 'http://elastic:Admin_147@127.0.0.1:9200/_cat/nodes?pretty'
curl -i -XGET 'http://elastic:Admin_147@127.0.0.1:9200/_cluster/health?pretty'
curl -X PUT http://elastic:Admin_147@127.0.0.1:9200/test_index_2
curl 'http://elastic:Admin_147@127.0.0.1:9200/_cat/indices?v'
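Steps to enable HTTPS
- 12. Generate the CA certificate; run these commands one line at a time
cd /data/elasticsearch_9200/
./bin/elasticsearch-certutil ca -s #. Press Enter at every prompt; no password needs to be set
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 -s #. Press Enter at every prompt; no password needs to be set
mv ./elastic*.p12 ./config/certs/
chmod 600 ./config/certs/elastic*.p12 #. The keystores hold private keys without a password, so restrict them to the owner
chown -R esuser:esuser /data/elasticsearch_9200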
- 13. Enable X-Pack authentication (passwords + SSL)
sed -i '/^xpack/d' /data/elasticsearch_9200/config/elasticsearch.yml
sudo bash -c "echo 'xpack.security.enabled: true' >> /data/elasticsearch_9200/config/elasticsearch.yml"
sudo bash -c "echo 'xpack.security.transport.ssl.enabled: true' >> /data/elasticsearch_9200/config/elasticsearch.yml"
sudo bash -c "echo 'xpack.license.self_generated.type: basic' >> /data/elasticsearch_9200/config/elasticsearch.yml"
sudo bash -c "echo 'xpack.security.transport.ssl.verification_mode: certificate' >> /data/elasticsearch_9200/config/elasticsearch.yml"
sudo bash -c "echo 'xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12' >> /data/elasticsearch_9200/config/elasticsearch.yml"
sudo bash -c "echo 'xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12' >> /data/elasticsearch_9200/config/elasticsearch.yml"
sudo bash -c "echo 'xpack.security.http.ssl.enabled: true' >> /data/elasticsearch_9200/config/elasticsearch.yml"
sudo bash -c "echo 'xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12' >> /data/elasticsearch_9200/config/elasticsearch.yml"
sudo bash -c "echo 'xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12' >> /data/elasticsearch_9200/config/elasticsearch.yml"
cat /data/elasticsearch_9200/config/elasticsearch.yml | grep xpack
- 14. Restart the Elasticsearch service so that X-Pack takes effect
ps -ef | grep elasticsearch | grep -v grep | awk '{print $2}' | xargs kill -9 2> /dev/null
sudo -u esuser /data/elasticsearch_9200/bin/elasticsearch -d
sleep 20 && netstat -lnpt | egrep "(9200|9300)"
Verifying the result
- 15. Check the node status and create an index; because the certificate is not trusted, curl needs the -k option
#. Check the node status and create an index
curl -k -XGET 'https://elastic:Admin_147@127.0.0.1:9200/_cat/nodes?pretty'
curl -k -i -XGET 'https://elastic:Admin_147@127.0.0.1:9200/_cluster/health?pretty'
curl -k -X PUT https://elastic:Admin_147@127.0.0.1:9200/test_index_3
curl -k 'https://elastic:Admin_147@127.0.0.1:9200/_cat/indices?v'
- 16. Log in to the console with a browser
URL: https://10.30.3.234:9200
Username: elastic
Password: Admin_147
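The settings written in steps 3 and 13 and the keystore generated in step 12 can be checked mechanically before the node is exposed on the network. The script below is an added example, not part of the original procedure; the function names yml_get and audit_es_config and the demo directory are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original page: audit an Elasticsearch config dir.

# yml_get FILE KEY: print the value of a top-level "KEY: value" line.
yml_get() {
  awk -v k="$2" 'index($0, k ":") == 1 {
      v = substr($0, length(k) + 2)
      gsub(/^[ \t]+|[ \t\r]+$/, "", v)   # trim whitespace
      gsub(/^"|"$/, "", v)               # drop surrounding quotes
      val = v }
    END { print val }' "$1"
}

# audit_es_config CONF_DIR: print one finding per line, or "OK" if none.
audit_es_config() (
  dir=$1; yml=$dir/elasticsearch.yml; n=0
  for key in xpack.security.enabled xpack.security.http.ssl.enabled; do
    v=$(yml_get "$yml" "$key")
    [ "$v" = "true" ] || { echo "FAIL $key is '${v:-unset}'"; n=$((n + 1)); }
  done
  v=$(yml_get "$yml" http.cors.allow-origin)
  [ "$v" != "*" ] || { echo "WARN http.cors.allow-origin is '*': any web origin may call the API"; n=$((n + 1)); }
  ks=$(yml_get "$yml" xpack.security.http.ssl.keystore.path)
  if [ -n "$ks" ]; then
    case $ks in /*) ;; *) ks=$dir/$ks ;; esac   # relative paths resolve against the config dir
    if [ ! -f "$ks" ]; then
      echo "FAIL keystore $ks not found"; n=$((n + 1))
    elif [ "$(ls -ld "$ks" | cut -c5-10)" != "------" ]; then
      echo "FAIL keystore $ks is accessible to group/other"; n=$((n + 1))
    fi
  fi
  [ "$n" -gt 0 ] || echo "OK"
)

# Constructed demo: a config with the CORS setting from step 3, the HTTPS
# settings from step 13, and an empty stand-in keystore left at mode 777.
demo=$(mktemp -d) && mkdir -p "$demo/certs"
cat > "$demo/elasticsearch.yml" <<'EOF'
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12
EOF
: > "$demo/certs/elastic-certificates.p12"
chmod 777 "$demo/certs/elastic-certificates.p12"
audit_es_config "$demo"
rm -rf "$demo"
```

On the host built above, the function would be called as audit_es_config /data/elasticsearch_9200/config after step 14.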
Appendix
Fixing the log4j2 vulnerability
How to completely uninstall Elasticsearch
cd /opt/
ps -ef | grep elasticsearch | grep -v grep | awk '{print $2}' | xargs kill -9 2> /dev/null
rm -rf /data/elasticsearch_9200
sed -i '/elasticsearch/d' /etc/rc.local
userdel -r esuser 2> /dev/null