服务器 | 配置 | 服务 | 系统 | es版本 | 节点名字 |
---|---|---|---|---|---|
192.168.10.60 | 20G 12core 200G磁盘 | node.master/node.data | CentOS 7.7 | es7.6.2 | master-1/node-1 |
192.168.10.61 | 20G 12core 200G磁盘 | node.master/node.data | CentOS 7.7 | es7.6.2 | master-2/node-2 |
192.168.10.62 | 20G 12core 200G磁盘 | node.master/node.data | CentOS 7.7 | es7.6.2 | master-3/node-3 |
Linux中,每个进程默认打开的最大文件句柄数是1000,对于服务器进程来说,显然太小,需要通过修改/etc/security/limits.conf和/etc/security/limits.d/20-nproc.conf来增大限制。注意:下面示例中设置的nproc限制的是最大进程(线程)数;最大打开文件句柄数对应的配置项是nofile,需要按同样的格式(* soft nofile / * hard nofile)另行设置。
$ vi /etc/security/limits.conf
* soft nproc 1024000
* hard nproc 1024000
$ vi /etc/security/limits.d/20-nproc.conf
* soft nproc 65535
$ cat /etc/sysctl.conf
#CTCDN系统优化参数
#关闭ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
#决定检查过期多久邻居条目
net.ipv4.neigh.default.gc_stale_time=120
#使用arp_announce / arp_ignore解决ARP映射问题
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
# 避免放大攻击
net.ipv4.icmp_echo_ignore_broadcasts = 1
# 开启恶意icmp错误消息保护
net.ipv4.icmp_ignore_bogus_error_responses = 1
#关闭路由转发
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
#开启反向路径过滤
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
#不接受带源路由选项的包(accept_source_route = 0)
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
#关闭sysrq功能
kernel.sysrq = 0
#core文件名中添加pid作为扩展名
kernel.core_uses_pid = 1
# 开启SYN洪水攻击保护
net.ipv4.tcp_syncookies = 1
#修改消息队列长度
kernel.msgmnb = 65536
kernel.msgmax = 65536
#设置最大内存共享段大小bytes
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
#timewait的数量,默认180000
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
#每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目
net.core.netdev_max_backlog = 262144
#不属于任何进程的TCP套接字(孤儿连接)的最大数量;这个限制仅仅是为了防止简单的DoS 攻击
net.ipv4.tcp_max_orphans = 3276800
#未收到客户端确认信息的连接请求的最大值
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
#内核放弃建立连接之前发送SYNACK 包的数量
net.ipv4.tcp_synack_retries = 1
#内核放弃建立连接之前发送SYN 包的数量
net.ipv4.tcp_syn_retries = 1
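#启用timewait 快速回收
#注意:tcp_tw_recycle 会导致经过NAT的客户端连接被丢弃,并且从Linux 4.12起的内核已移除该参数
#它和下面的tcp_tw_reuse都依赖TCP时间戳,而上面已设置 net.ipv4.tcp_timestamps = 0,两者需要保持一致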
net.ipv4.tcp_tw_recycle = 1
#开启重用。允许将TIME-WAIT sockets 重新用于新的TCP 连接
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
#当keepalive 起用的时候,TCP 发送keepalive 消息的频度。缺省是2 小时
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
#允许系统打开的端口范围
net.ipv4.ip_local_port_range = 1024 65000
#修改防火墙表大小,默认65536
net.netfilter.nf_conntrack_max=655350
net.netfilter.nf_conntrack_tcp_timeout_established=1200
# 确保无人能修改路由表
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
vm.max_map_count = 1000000
fs.nr_open = 10000000
fs.file-max = 11000000
$ cd /usr/local/src
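$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.2-linux-x86_64.tar.gz
## 下载后建议校验安装包完整性(Elastic在同一路径下提供对应的.sha512文件)
$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.2-linux-x86_64.tar.gz.sha512
$ sha512sum -c elasticsearch-7.6.2-linux-x86_64.tar.gz.sha512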
$ wget https://artifacts.elastic.co/downloads/kibana/kibana-7.6.2-x86_64.rpm
## JDK建议13版本
$ https://www.oracle.com/technetwork/java/javase/downloads/jdk13-downloads-5672538.html
$ for i in 192.168.10.60 192.168.10.61 192.168.10.62 ;do cd /usr/local/src/ && scp kibana-7.6.2-linux-x86_64.tar.gz jdk-13.0.1_linux-x64_bin.rpm elasticsearch-7.6.2-linux-x86_64.tar.gz $i:/usr/local/src/ ;done
各个节点安装
$ yum localinstall -y /usr/local/src/jdk-13.0.1_linux-x64_bin.rpm
$ mkdir -p /data/work
$ tar xf /usr/local/src/elasticsearch-7.6.2-linux-x86_64.tar.gz -C /data/work
$ cp -r /data/work/elasticsearch-7.6.2 /data/work/elasticsearch-7.6.2_master
$ mv /data/work/elasticsearch-7.6.2 /data/work/elasticsearch-7.6.2_node
验证jdk
$ java -version
java version "13.0.1" 2019-10-15
Java(TM) SE Runtime Environment (build 13.0.1+9)
Java HotSpot(TM) 64-Bit Server VM (build 13.0.1+9, mixed mode, sharing)
$ cd /data/work/elasticsearch-7.6.2_master
$ ./bin/elasticsearch-certutil ca ##生成ca证书 保存elastic-stack-ca.p12路径并输入密码(123qwe123)
$ ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 ##生成客户端证书
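保存elastic-certificates.p12路径并输入密码(123qwe123,仅为示例,实际部署请使用自己生成的强密码)
将elastic-stack-ca.p12 拷贝到各个节点的/data/work/elasticsearch-7.6.2_master/config/下和/data/work/elasticsearch-7.6.2_node下(下面的 scp elastic-* 会把 elastic-certificates.p12 一并拷贝过去)。注意:后面的节点配置只引用了 elastic-certificates.p12;elastic-stack-ca.p12 内含CA私钥,可以用来签发新的节点证书,节点运行并不需要它,建议只保存在签发证书的机器上。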
$ for i in 192.168.10.60 192.168.10.61 192.168.10.62 ;do cd /data/work/elasticsearch-7.6.2_master && scp elastic-* $i:/data/work/elasticsearch-7.6.2_master/config/ ;done
$ for i in 192.168.10.60 192.168.10.61 192.168.10.62 ;do cd /data/work/elasticsearch-7.6.2_node && scp elastic-* $i:/data/work/elasticsearch-7.6.2_node/config/ ;done
[root@khbq-es01 ~]# tree /data/work/ -L 2
/data/work/
├── elasticsearch-7.6.2_master
│ ├── bin
│ ├── config
│ ├── elastic-certificates.p12
│ ├── elastic-stack-ca.p12
│ ├── jdk
│ ├── lib
│ ├── LICENSE.txt
│ ├── logs
│ ├── modules
│ ├── NOTICE.txt
│ ├── plugins
│ └── README.asciidoc
└── elasticsearch-7.6.2_node
├── bin
├── config
├── jdk
├── lib
├── LICENSE.txt
├── logs
├── modules
├── NOTICE.txt
├── plugins
└── README.asciidoc
[root@khbq-es01 ~]# ll /data/work/elasticsearch-7.6.2_master/config/
总用量 48
-rw------- 1 elastic elasticsearch 3443 6月 1 18:23 elastic-certificates.p12
-rw-rw---- 1 elastic elasticsearch 337 6月 1 17:54 elasticsearch.keystore
-rw-r----- 1 elastic elasticsearch 904 6月 1 19:09 elasticsearch.yml
-rw------- 1 elastic elasticsearch 2527 6月 1 18:23 elastic-stack-ca.p12
-rw-r----- 1 elastic elasticsearch 2301 6月 1 18:02 jvm.options
-rw-r----- 1 elastic elasticsearch 17545 6月 1 17:30 log4j2.properties
-rw-r----- 1 elastic elasticsearch 473 6月 1 17:30 role_mapping.yml
-rw-r----- 1 elastic elasticsearch 197 6月 1 17:30 roles.yml
-rw-r----- 1 elastic elasticsearch 0 6月 1 17:30 users
-rw-r----- 1 elastic elasticsearch 0 6月 1 17:30 users_roles
所有elasticsearch节点将证书(p12)的密码添加至elasticsearch-keystore(即上面生成证书时输入的密码,本文示例为123qwe123)
$ bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
$ bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
[root@khbq-es01 ~]# egrep -v '^#|#$' /data/work/elasticsearch-7.6.2_master/config/elasticsearch.yml
# elasticsearch.yml of the master-eligible instance (node.name differs on each host).
cluster.name: cluster-khbq
node.name: master-1
node.master: true
path.data: /home/elasticsearch_master/data
path.logs: /home/elasticsearch_master/logs
http.port: 9200
# NOTE(review): 0.0.0.0 binds to every interface of the host; consider a specific
# address and/or firewall rules so only the intended networks can reach this instance.
network.host: 0.0.0.0
cluster.initial_master_nodes: ["192.168.10.60"]
# NOTE(review): the discovery.zen.* names are the pre-7.0 settings. In 7.x the host list
# is documented as discovery.seed_hosts and minimum_master_nodes is no longer used -
# confirm against the 7.6 reference before relying on these lines.
discovery.zen.ping.unicast.hosts: ["192.168.10.60", "192.168.10.61", "192.168.10.62"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 60s # heartbeat (ping) timeout
# CORS settings; allow-headers includes Authorization so a browser UI can send credentials.
# NOTE(review): allow-origin "*" accepts cross-origin requests from pages of any origin;
# prefer listing the exact origin of the UI that needs access.
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "Authorization,X-Requested-With,Content-Length,Content-Type"
# Directory registered as a snapshot repository location.
path.repo: ["/home/snapshot"]
search.max_buckets: 2000000
# Authentication is enabled and node-to-node (transport) traffic uses TLS.
# NOTE(review): no xpack.security.http.ssl.* setting is present, so requests to http.port,
# including the Basic-auth credentials they carry, are not encrypted.
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# "certificate" validates the certificate chain but does not check that the certificate
# matches the peer's hostname/IP.
xpack.security.transport.ssl.verification_mode: certificate
# The same PKCS#12 file serves as keystore and truststore; its password is stored with
# elasticsearch-keystore (the *.secure_password entries), not in this file.
xpack.security.transport.ssl.keystore.path: /data/work/elasticsearch-7.6.2_master/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/work/elasticsearch-7.6.2_master/config/elastic-certificates.p12
[root@khbq-es01 ~]# vi /data/work/elasticsearch-7.6.2_master/config/jvm.options ## 修改以下两项
-Xms4g
-Xmx4g
[root@khbq-es01 ~]# egrep -v '^#|#$' /data/work/elasticsearch-7.6.2_node/config/elasticsearch.yml
# elasticsearch.yml of the data-only instance (node.name differs on each host).
cluster.name: cluster-khbq
node.name: node-1
# Holds data but is not master-eligible.
node.data: true
node.master: false
path.data: /home/elasticsearch_node/data
path.logs: /home/elasticsearch_node/logs
# 9201 rather than 9200: this instance shares the host with the master-eligible instance.
http.port: 9201
# NOTE(review): 0.0.0.0 binds to every interface of the host; consider a specific
# address and/or firewall rules so only the intended networks can reach this instance.
network.host: 0.0.0.0
cluster.initial_master_nodes: ["192.168.10.60"]
# NOTE(review): the discovery.zen.* names are the pre-7.0 settings. In 7.x the host list
# is documented as discovery.seed_hosts and minimum_master_nodes is no longer used -
# confirm against the 7.6 reference before relying on these lines.
discovery.zen.ping.unicast.hosts: ["192.168.10.60", "192.168.10.61", "192.168.10.62"]
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 60s # heartbeat (ping) timeout
# NOTE(review): allow-origin "*" accepts cross-origin requests from pages of any origin;
# prefer listing the exact origin of the UI that needs access.
http.cors.enabled: true
http.cors.allow-origin: "*"
# Directory registered as a snapshot repository location.
path.repo: ["/home/snapshot"]
search.max_buckets: 2000000
# Authentication is enabled and node-to-node (transport) traffic uses TLS.
# NOTE(review): no xpack.security.http.ssl.* setting is present, so requests to http.port,
# including the Basic-auth credentials they carry, are not encrypted.
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# "certificate" validates the certificate chain but does not check that the certificate
# matches the peer's hostname/IP.
xpack.security.transport.ssl.verification_mode: certificate
# The same PKCS#12 file serves as keystore and truststore; its password is stored with
# elasticsearch-keystore (the *.secure_password entries), not in this file.
xpack.security.transport.ssl.keystore.path: /data/work/elasticsearch-7.6.2_node/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /data/work/elasticsearch-7.6.2_node/config/elastic-certificates.p12
[root@khbq-es01 ~]#vi /data/work/elasticsearch-7.6.2_node/config/jvm.options ## 修改以下两项
-Xms8g
-Xmx8g
官网下载ik后解压到/data/work/elasticsearch-7.6.2_*/plugins/ik/下
注意 每台服务器上的master节点和node节点的plugins下都要有ik这个目录(ik目录手动创建的)
192.168.10.60 此节点master节点和node节点配置完毕,其他的两台机器如上一样修改配置,注意 node.name, node.data, node.master的配置区别
启动es不可使用root权限,需创建普通用户,安装es时候系统已经默认新增了elasticsearch组和用户,但是 是nologin的,还需要手动创建普通用户。
##创建数据目录
# mkdir /home/{elasticsearch_master,elasticsearch_node}/{data,logs} -p
## 创建普通账户和组
# groupadd elasticsearch
# useradd elastic -G elasticsearch
# echo elastic |passwd elastic --stdin
## 注意:上面把密码设成了与用户名相同的 elastic,仅作演示;实际环境请用交互式的 passwd elastic 设置强密码
## 授权
# chown -R elastic:elasticsearch /data/work/elasticsearch*/
# chown -R elastic:elasticsearch /home/elasticsearch*/
## 192.168.10.60
su elastic
/data/work/elasticsearch-7.6.2_master/bin/elasticsearch -d
/data/work/elasticsearch-7.6.2_node/bin/elasticsearch -d
## 192.168.10.61
su elastic
/data/work/elasticsearch-7.6.2_master/bin/elasticsearch -d
/data/work/elasticsearch-7.6.2_node/bin/elasticsearch -d
## 192.168.10.62
su elastic
/data/work/elasticsearch-7.6.2_master/bin/elasticsearch -d
/data/work/elasticsearch-7.6.2_node/bin/elasticsearch -d
稍等一会 选举出master
在其中某一台机器上执行就可以
[elastic@khbq-es01 elasticsearch-7.6.2_master]$ ./bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
查看集群节点状态(把密码直接写在 --user 参数里会留在shell历史和进程列表中;只写 --user elastic 时curl会交互式提示输入密码)
[elastic@khbq-es02 work]$ curl --user elastic:xx 'localhost:9200/_cat/master?v'
id host ip node
8YLmsGKvT3ekOOj-p7FQqg 192.168.10.62 192.168.10.62 master-3
[elastic@khbq-es02 root]$ curl --user elastic:Devops@123 'localhost:9200/_cat/nodes?v'
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
192.168.10.61 13 84 0 1.89 0.71 0.29 dilm - master-2
192.168.10.62 16 84 0 0.28 0.27 0.14 dilm - master-3
192.168.10.61 9 84 0 1.89 0.71 0.29 dil - node-2
192.168.10.60 16 79 0 0.15 0.08 0.07 dilm * master-1
192.168.10.62 13 84 0 0.28 0.27 0.14 dil - node-3
192.168.10.60 6 79 0 0.15 0.08 0.07 dil - node-1
随便找一个目录创建两个java文件 分别是:
比如cd /opt
[root@khbq-es01 opt]# cat LicenseVerifier.java
package org.elasticsearch.license;
/**
 * Stand-in for the x-pack-core class of the same name; the surrounding page compiles it
 * and swaps it into x-pack-core-7.6.2.jar.
 * NOTE(review): neither overload inspects its arguments and both return true, so this
 * class performs no license signature check. A jar that contains it no longer matches
 * the vendor-published x-pack-core-7.6.2.jar, which a checksum comparison against the
 * official distribution will show.
 */
public class LicenseVerifier {
/**
 * Returns true unconditionally; both arguments are ignored.
 *
 * @param license       unused
 * @param publicKeyData unused
 * @return always true
 */
public static boolean verifyLicense(final License license, byte[] publicKeyData) {
return true;
}
/**
 * Returns true unconditionally; the argument is ignored.
 *
 * @param license unused
 * @return always true
 */
public static boolean verifyLicense(final License license) {
return true;
}
}
[root@khbq-es01 opt]# cat XPackBuild.java
package org.elasticsearch.xpack.core;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.jar.JarInputStream;
import java.util.jar.Manifest;
/**
 * Build-metadata holder whose single instance carries the fixed strings "Unknown"/"Unknown".
 * NOTE(review): the surrounding page swaps this class into x-pack-core-7.6.2.jar; a jar
 * that contains it no longer matches the vendor-published file.
 */
public class XPackBuild {
// Single shared instance, assigned once in the static initializer below.
public static final XPackBuild CURRENT;
static {
// Both values are hard-coded; nothing is read from the jar or its manifest here.
CURRENT = new XPackBuild("Unknown", "Unknown");
}
/**
 * Returns the location this class was loaded from, as a Path.
 *
 * @return path built from the class's code-source URL
 * @throws RuntimeException wrapping the URISyntaxException if the URL is not a valid URI
 */
@SuppressForbidden(reason = "looks up path of xpack.jar directly")
static Path getElasticsearchCodebase() {
URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try {
return PathUtils.get(url.toURI());
} catch (URISyntaxException bogus) {
throw new RuntimeException(bogus);
}
}
// Values passed to the constructor; exposed through the accessors below.
private String shortHash;
private String date;
/** Stores the given hash and date strings without validation. */
XPackBuild(String shortHash, String date) {
this.shortHash = shortHash;
this.date = date;
}
/** @return the shortHash value given at construction */
public String shortHash() {
return shortHash;
}
/** @return the date value given at construction */
public String date() {
return date;
}
}
javac -cp "/data/work/elasticsearch-7.6.2_master/lib/elasticsearch-7.6.2.jar:/data/work/elasticsearch-7.6.2_master/lib/lucene-core-8.4.0.jar:/data/work/elasticsearch-7.6.2_master/modules/x-pack-core/x-pack-core-7.6.2.jar" LicenseVerifier.java
javac -cp "/data/work/elasticsearch-7.6.2_master/lib/elasticsearch-7.6.2.jar:/data/work/elasticsearch-7.6.2_master/lib/lucene-core-8.4.0.jar:/data/work/elasticsearch-7.6.2_master/modules/x-pack-core/x-pack-core-7.6.2.jar:/data/work/elasticsearch-7.6.2_master/lib/elasticsearch-core-7.6.2.jar" XPackBuild.java
[root@khbq-es01 opt]# ll
总用量 3148
-rw-r--r-- 1 root root 410 6月 2 09:42 LicenseVerifier.class
-rw-r--r-- 1 root root 588 6月 2 09:41 LicenseVerifier.java
-rw-r--r-- 1 root root 1464 6月 2 09:42 XPackBuild.class
-rw-r--r-- 1 root root 1232 6月 2 09:41 XPackBuild.java
将/data/work/elasticsearch-7.6.2_master/modules/x-pack-core/x-pack-core-7.6.2.jar文件和/opt下的两个class文件 拷贝到自己的电脑上 最好是windows机器
用360压缩软件打开x-pack-core-7.6.2.jar 并替换两个class文件
将该替换后的新的jar包与安装目录的进行替换,然后重启Elasticsearch
官方申请地址: https://register.elastic.co/marvel_register
公司地址什么课以随便填写,邮箱要填好,然后收到邮件,进行文件下载。 下载下来,修改里面的内容,主要是把 “basic” 改为 “platinum” 即白金版,“expiry_date_in_millis” 这个时间戳改大点,就够用了。
{"license":{"uid":"21213675-4eee-41fe-a3db-f0f6eb731ac0","type":"platinum","issue_date_in_millis":1578009600000,"expiry_date_in_millis":16097183999990,"max_nodes":100,"issued_to":"test bai (test)","issuer":"Web Form","signature":"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","start_date_in_millis":1578009600000}}
可以在Kibana上上传许可证激活,也可以用命令的方式
curl -XPUT 'http://localhost:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json
命令方式 返回 {“acknowledged”:true,“license_status”:“valid”} 就表示续命成功了 。
错误1:可能是之前已设置过用户密码,若忘记了,没关系。
* The password for the 'elastic' user has already been changed on this cluster
* Your elasticsearch node is running against a different keystore
* This tool used the keystore at /usr/share/elasticsearch/config/elasticsearch.keystore
解决:
关闭ElasticSearch的xpack安全验证(即修改/docker/elasticsearch/config/elasticsearch.yml
中的xpack.security.enabled和xpack.security.transport.ssl.enabled为false);
重启ElasticSearch服务
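重启好后用以下命令删除索引 .security-7(注意:该索引保存集群的用户、角色等安全配置,删除后需要全部重新设置;安全验证关闭期间集群无需认证即可访问,而本文配置的network.host为0.0.0.0,这段时间应通过防火墙限制对9200端口的访问)
curl -XDELETE http://localhost:9200/.security-7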
删除好后再重新按照上面设置密码的操作打开xpack验证重启ElasticSearch服务进入容器内部进行密码设置
git clone https://github.com/mobz/elasticsearch-head
cd /opt/elasticsearch-head-master/
## 注意:下面的命令以root身份直接执行从网络下载的脚本;更稳妥的做法是先把 setup_10.x 下载到本地,查看内容后再执行
elasticsearch-head-master]# curl --silent --location https://rpm.nodesource.com/setup_10.x | bash -
elasticsearch-head-master]# yum install -y nodejs
查看是否下载成功
elasticsearch-head-master]# node -v
v10.17.0
elasticsearch-head-master]# npm -v
6.13.0
elasticsearch-head-master]# npm install -g grunt-cli
elasticsearch-head-master]# npm install
elasticsearch-head-master]# vim Gruntfile.js,添加hostname: '0.0.0.0'
server: {
options: {
hostname: '0.0.0.0',
port: 9100,
base: '.',
keepalive: true
}
}
elasticsearch-head-master]# vim _site/app.js,将this.prefs.get("app-base_uri") || "localhost:9200",修改如下
this._super();
this.prefs = services.Preferences.instance();
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://192.168.10.60:9200";
由于上面已经安装了head插件,所以下面操作是上方内容的后续;
1.通过页面访问http://IP:9100后显示的是空白界面;这是由于head无法连接ES:我们开启了
X-pack认证,而head页面无法交互输入用户名密码,所以UI为空界面
需要在所有master节点的elasticsearch.yml中加入以下配置后重启es(allow-origin 写成 "*" 表示允许任意来源的网页跨域访问;建议改为head页面实际的访问地址,例如本文的 http://192.168.10.45:9100)
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "Authorization,X-Requested-With,Content-Length,Content-Type"
elasticsearch-head-master]# npm run start ## 前台启动;后台启动可用 nohup npm run start &
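http://192.168.10.45:9100/?auth_user=elastic&auth_password=xxx
(注意:这种方式把用户名和密码放在URL里,会留在浏览器历史记录中;本文的9200端口没有启用HTTPS,密码在网络上也是明文传输。建议为head单独创建权限较小的用户,而不是使用elastic超级用户)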