Linux安裝ES

準備好Linux系統(tǒng)，軟件安裝前需要對當前系統(tǒng)做一些優(yōu)化配置

系統(tǒng)配置修改

一、內(nèi)存優(yōu)化

在/etc/sysctl.conf添加如下內(nèi)容：

1. fs.file-max=655360 系統(tǒng)最大打開文件描述符數(shù)
2. vm.max_map_count=655360 限制一個進程擁有虛擬內(nèi)存區(qū)域的大小
3. sysctl -p生效

[root@localhost /] vi /etc/sysctl.conf 
[root@localhost /] cat /etc/sysctl.conf 
fs.file-max=655360
vm.max_map_count=655360
[root@localhost /] sysctl -p
fs.file-max = 655360
vm.max_map_count = 655360

二、修改最大文件打開數(shù)量

修改 /etc/security/limits.conf 文件
(nofile)最大開打開文件描述符
(nproc)最大用戶進程數(shù)
(memlock)最大鎖定內(nèi)存地址空間

[root@localhost /] vi /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536
* soft memlock unlimited
* hard memlock unlimited

三、進程數(shù)限制

修改 /etc/security/limits.d/90-nproc.conf

將1024修改為65536

重新登陸 ulimit -a 查看是否生效

系統(tǒng)差異有的可能是 20-nproc.conf

[root@localhost /] vi /etc/security/limits.d/90-nproc.conf
*          soft    nproc     65536
root       soft    nproc     unlimited
[root@localhost ~] ulimit -u
65536

完成以上配置需要重啟服務器 reboot

ElasticSearch安裝

?? 自行下載相應版本安裝包安 https://www.elastic.co/cn/downloads/past-releases#elasticsearch ，裝ES之前確保已經(jīng)安裝了jdk環(huán)境。啟動ES服務時，不能使用root賬號啟動，切換創(chuàng)建的用戶

一、上傳解壓重命名

將ES壓縮包上傳到/home/下

[root@localhost home] cd /home/
[root@localhost home] pwd
/home
[root@localhost home] ll
總用量 338228
-rw-r--r--. 1 root root 346342976 3月  15 14:47 elasticsearch-7.15.0-linux-aarch64.tar.gz

解壓壓縮包

[root@localhost home] tar -zxf elasticsearch-7.15.0-linux-aarch64.tar.gz 
[root@localhost home]# ll
總用量 338228
drwxr-xr-x. 9 root root       155 9月  16 11:07 elasticsearch-7.15.0
-rw-r--r--. 1 root root 346342976 3月  15 14:47 elasticsearch-7.15.0-linux-aarch64.tar.gz

重命名文件夾

[root@localhost home] mv elasticsearch-7.15.0 elasticsearch

創(chuàng)建快照路徑

[root@localhost home] mkdir -p /home/elasticsearch/snapshot/

二、創(chuàng)建用戶并授權(quán)

> 創(chuàng)建`es_user` 組 創(chuàng)建 `es_user`用戶 設(shè)置用戶密碼

```shell
[root@localhost home] groupadd es_user
[root@localhost home] useradd es_user -g es_user
[root@localhost home] passwd es_user
更改用戶 es_user 的密碼 。
新的 密碼：
無效的密碼： 密碼少于 8 個字符
重新輸入新的 密碼：
passwd：所有的身份驗證令牌已經(jīng)成功更新。
```

> 將文件`elasticsearch `的擁有者設(shè)為 `es_user`

```shell
[es_user@localhost home] chown -R es_user:es_user elasticsearch
[es_user@localhost home] ll
總用量 338228
drwxr-xr-x. 9 es_user es_user       155 9月  16 11:07 elasticsearch
-rw-r--r--. 1 root    root    346342976 3月  15 14:47 elasticsearch-7.15.0-linux-aarch64.tar.gz
drwx------. 2 es_user es_user        62 3月  15 15:18 es_user
```

三、修改配置文件

切換當前用戶

[es_user@localhost home] su es_user

修改配置文件 vi /home/elasticsearch/config/elasticsearch.yml

# 集群名稱，同一個集群其他節(jié)點名稱要和主節(jié)點相同
cluster.name: my-application
# 節(jié)點名稱唯一，每一個節(jié)點都需不同
node.name: node-1
# 快照備份路徑
path.repo: /home/elasticsearch/snapshot/
# 數(shù)據(jù)存放路徑，默認 es 根目錄下 可選
#path.data: /path/to/data
# 日志存放路徑，默認 es 根目錄下 可選
#path.logs: /path/to/logs
# true主節(jié)點 子節(jié)點 false
node.master: true

# 綁定 IP 當前主機IP 或 0.0.0.0
network.host: 0.0.0.0

# 端口
http.port: 9200

# 集群發(fā)現(xiàn)，集群需要配置
#discovery.seed_hosts: ["127.0.0.1"]

# 各個節(jié)點列表,集群需要配置
cluster.initial_master_nodes: ["node-1"]

# 開啟系統(tǒng)監(jiān)控日志收集
xpack.monitoring.collection.enabled: true
# 數(shù)據(jù)保留時間默認 7天
xpack.monitoring.history.duration: 7d
xpack.ml.enabled: false

四、啟動ES服務

ES根目錄下的bin目錄啟動 es

[es_user@localhost home] cd elasticsearch/bin/

啟動ES，進入ES ./bin 目錄下執(zhí)行; -d 后臺運行

[es_user@localhost bin] ./elasticsearch -d

驗證是否啟動成功，輸出以下信息證明啟動成功

[root@localhost ~] curl http://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "my6666",
  "cluster_uuid" : "_na_",
  "version" : {
    "number" : "7.15.0",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "79d65f6e357953a5b3cbcc5e2c7c21073d89aa29",
    "build_date" : "2021-09-16T03:05:29.143308416Z",
    "build_snapshot" : false,
    "lucene_version" : "8.9.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

ES開啟SSL加密傳輸

在開啟SSL認證之前，請確認您的ES服務器可以成功啟動，以及相關(guān)環(huán)境配置都沒有問題，使用es_user用戶進行操作

生成證書

進入ES安裝路徑下,pwd 查看當前路徑，請勿使用root賬號操作，切換至普通用戶或es用戶

[root@localhost elasticsearch] pwd
/home/elasticsearch

生成ca授權(quán)證書

[es_user@localhost elasticsearch]$ ./bin/elasticsearch-certutil ca
Please enter the desired output file [elastic-stack-ca.p12]: 回車即可
Enter password for elastic-stack-ca.p12 : 回車即可

查看當前目錄會生成一個 elastic-stack-ca.p12 證書文件

[es_user@localhost elasticsearch]$ ls
bin  config  elastic-stack-ca.p12  lib  LICENSE.txt  logs  modules  NOTICE.txt  plugins  README.asciidoc

基于證書生成秘鑰證書

[es_user@localhost elasticsearch]$ ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 
Enter password for CA (elastic-stack-ca.p12) : 回車即可
Please enter the desired output file [elastic-certificates.p12]: 回車即可
Enter password for elastic-certificates.p12 :回車即可

查看當前目錄會生成一個 elastic-certificates.p12 證書

[es_user@localhost elasticsearch]$ ls
bin  config  elastic-certificates.p12  elastic-stack-ca.p12  lib  LICENSE.txt  logs  modules  NOTICE.txt  plugins  README.asciidoc

根據(jù)證書文件導出一份CA公鑰文件，用于后續(xù)各應用配置文件(filebeat,logstash)中引用CA公鑰時使用：

[es_user@localhost elasticsearch]$ openssl pkcs12 -clcerts -nokeys -in elastic-stack-ca.p12 -out ca.pem

在當前目錄的 config 目錄下創(chuàng)建一個 certs 目錄用于存放證書文件

[es_user@localhost elasticsearch]$ mkdir -p config/certs

拷貝當前證書文件elastic-certificates.p12 到 config/certs并查看是否拷貝成功

[es_user@localhost elasticsearch]$ cp elastic-certificates.p12 config/certs/
[es_user@localhost elasticsearch]$ ls config/certs/
elastic-certificates.p12

添加SSL證書

添加證書時需要先停止ES服務

通過以下命令查看ES是否啟動，如果啟動使 kill -9 進程pid 結(jié)束進程，如下所示當前ES并未啟動

[es_user@localhost elasticsearch]$ ps -ef|grep elasticsearch
es_user    9616 116449  0 14:44 pts/2    00:00:00 grep --color=auto elasticsearch

編輯config/elasticsearch.yml 配置文件

[es_user@localhost elasticsearch]$ vi config/elasticsearch.yml

在配置文件底部增加以下內(nèi)容

# 開啟安全驗證
xpack.security.enabled: true
# 設(shè)置密碼時改配置為false，設(shè)置成功將此配置設(shè)置為true，并且重啟服務
xpack.security.http.ssl.enabled: false
xpack.security.http.ssl.keystore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /home/elasticsearch/config/certs/elastic-certificates.p12

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /home/elasticsearch/config/certs/elastic-certificates.p12

啟動ES服務 ./bin/elasticsearch 前臺啟動，窗口關(guān)閉服務停止，./bin/elasticsearch -d 后臺啟動

[es_user@localhost elasticsearch]$ ./bin/elasticsearch

生成賬號密碼

執(zhí)行以下命令系統(tǒng)自動生成不同角色賬號，在執(zhí)行命令時需要等待ES完全啟動成功，elastic 賬號類似root賬號有系統(tǒng)最高權(quán)限。將該賬號信息配置到Java application-xxx.yaml配置中，生成成功后妥善保管所有賬號密碼

[es_user@localhost elasticsearch]$ ./bin/elasticsearch-setup-passwords auto 
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
Future versions of Elasticsearch will require Java 11; your Java version from [/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.x86_64/jre] does not meet this requirement. Consider switching to a distribution of Elasticsearch with a bundled JDK. If you are already using a distribution with a bundled JDK, ensure the JAVA_HOME environment variable is not set.
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y


Changed password for user apm_system
PASSWORD apm_system = Gy2A1L9QPNArAEFdgLSq

Changed password for user kibana_system
PASSWORD kibana_system = bvkPOKij4H0peAtGICjY

Changed password for user kibana
PASSWORD kibana = bvkPOKij4H0peAtGICjY

Changed password for user logstash_system
PASSWORD logstash_system = Cw8pWQpqQWF0pvHfmZqo

Changed password for user beats_system
PASSWORD beats_system = qIqZTl8jNDuys39zUxOF

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = BMg3JiXs4PauCnTNGdYW

Changed password for user elastic
PASSWORD elastic = j80MPels5jfrf9E7PM89

重啟ES服務

重啟之前，先停掉ES服務，修改配置文件，開啟SSL認證

到此ES SSL加密結(jié)束

[es_user@localhost elasticsearch]$ vi config/elasticsearch.yml
xpack.security.http.ssl.enabled: true
[es_user@localhost elasticsearch]$ ./bin/elasticsearch

完整配置文件示例

# 集群名稱
cluster.name: big_data
# 節(jié)點名稱
node.name: node-1
# 主節(jié)點
node.master: true
# 綁定IP地址
network.host: 192.168.0.114
# 端口
http.port: 9200
# 集群發(fā)現(xiàn)
discovery.seed_hosts: ["192.168.0.114"]
# 集群主節(jié)點
cluster.initial_master_nodes: ["node-1"]
# 快照備份路徑
path.repo: /home/elasticsearch/snapshot/
# 開啟系統(tǒng)監(jiān)控日志收集
xpack.monitoring.collection.enabled: true
# 數(shù)據(jù)保留時間默認 7天
xpack.monitoring.history.duration: 7d
# 關(guān)閉ES機器學習
xpack.ml.enabled: false
# 開啟系統(tǒng)安全
xpack.security.enabled: true

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.http.ssl.client_authentication: "optional"

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /home/elasticsearch/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /home/elasticsearch/config/certs/elastic-certificates.p12