CentOS 7 安装 ElasticSearch 8.5
参考:
- Install Elasticsearch from archive on Linux or MacOS | Elasticsearch Guide [8.5] | Elastic
- Install Kibana from archive on Linux or macOS | Kibana Guide [8.5] | Elastic
在 CentOS7 服务器上安装 ES 8.5 的流程如下:
graph LR
step1(下载 es.zip 文件)-->step2(创建es用户)-.->step3(jvm.options中修改jvm内存)-->step4(elasticsearch.yml中修改安全配置)-->step5(测试是否正常运行)
安装
假定 ES 安装在 /usr/local/elasticsearch 目录下
# 进入目录
cd /usr/local/elasticsearch
# 下载安装包
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.5.0-linux-x86_64.tar.gz
# 解压,es 安装在 /usr/local/elasticsearch 目录下
tar -xvzf elasticsearch-8.5.0-linux-x86_64.tar.gz
配置
创建 es 用户
由于 ES 7.x 之后不能以root用户来直接启动ES,需要新建一个用户来启动ES,流程如下
# 创建用户
adduser es
# 创建用户密码,需要输入两次
passwd es
# 将ES文件夹权限赋给创建的用户
chown -R es elasticsearch-8.5.0
# 切换到用户es
su es
# 龙蜥操作系统下要使用如下命令切换
/usr/bin/su es
修改JVM内存
由于安装服务器配置较低,因此需要调整 ES 的 JVM 参数,具体如下:
修改 conf/jvm.options文件,调整:-Xms 、-Xmx 参数,修改为如下
################################################################
## IMPORTANT: JVM heap size
################################################################
##
## The heap size is automatically configured by Elasticsearch
## based on the available memory in your system and the roles
## each node is configured to fulfill. If specifying heap is
## required, it should be done through a file in jvm.options.d,
## which should be named with .options suffix, and the min and
## max should be set to the same value. For example, to set the
## heap to 4 GB, create a new file in the jvm.options.d
## directory containing these lines:
##
-Xms512m
-Xmx512m
##
## See https://www.elastic.co/guide/en/elasticsearch/reference/8.5/heap-size.html
## for more information
##
################################################################
安全配置
参考:security-settings 做安全配置修改,主要修改:xpack.security.http.ssl.enabled:false 支持http方式访问
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
enabled: false
keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["VM-0-5-centos"]
# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0
# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0
启动
启动ES流程如下:
# 切换用户
su es
# 进入 $ES_HOME/bin 启动es
./elasticsearch
一个可用的启动脚本es-run.sh如下:
#!/bin/bash
su es <<EOF
# 后台启动
nohup sh /usr/local/elasticsearch/elasticsearch-8.5.0/bin/elasticsearch > es-nohup.log 2>&1 &
EOF
输出如下为启动正常:
{
"name" : "***-centos",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "WM5gOChKR6yL5HCQ-HCumA",
"version" : {
"number" : "8.5.0",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "c94b4700cda13820dad5aa74fae6db185ca5c304",
"build_date" : "2022-10-24T16:54:16.433628434Z",
"build_snapshot" : false,
"lucene_version" : "9.4.1",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
启动日志中包含如下内容,注意这中间的密码在后续访问过程中会被使用:
✅ Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.
ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
es-123456
ℹ️ HTTP CA certificate SHA-256 fingerprint:
*************
ℹ️ Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
*************
ℹ️ Configure other nodes to join this cluster:
• On this node:
⁃ Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.
⁃ Uncomment the transport.host setting at the end of config/elasticsearch.yml.
⁃ Restart Elasticsearch.
• On other nodes:
⁃ Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
测试
测试是否启动正常:
# 测试启动效果
# 用户名为:elastic,密码为:上述日志中的: es-123456 (修改为你日志中的输出)
curl --user elastic:<password> -XGET 'localhost:9200/_cat/health?v&pretty'
注意如果忘记密码,可以通过如下命令重置密码(重置后需要重启es):
# 进入 $ES_HOME/bin 执行 elasticsearch-reset-password ,注意需要先启动es后执行
./elasticsearch-reset-password -u elastic -i
