- 服务器 CentOS7
- java8
- es下载地址:https://www.elastic.co/cn/downloads/past-releases
- 版本8.5.0
- 安装目录 /usr/local/es-8.5.0
关键配置项目
elasticsearch.yml
# 集群名称
cluster.name: czty-elastic
# 节点名称
node.name: node-1
# 绑定host,0.0.0.0代表当前节点的ip
network.host: 0.0.0.0
# 设置其它节点和该节点交互的ip地址,如果不设置它会自动判断,值必须是个真实的ip地址(本机ip)
network.publish_host: 10.250.9.83
# 设置对外服务的http端口,默认为9200
# http.port: 9200
# 设置节点间交互的tcp端口,默认是9300
# transport.tcp.port: 9300
# 是否支持跨域,默认为false
http.cors.enabled: true
# 当设置允许跨域,默认为*,表示支持所有域名,如果我们只是允许某些网站能访问,那么可以使用正则表达式
# 比如只允许本地地址。 /https?:\/\/localhost(:[0-9]+)?/
http.cors.allow-origin: "*"
# 表示这个节点是否可以充当主节点
# node.roles: [ master ]
# 所有主从节点ip:port
#discovery.seed_hosts: ["10.250.9.83:9300"] #本地只有一个节点,无法正常启动,先注释
# 这个参数决定了在选主过程中需要 有多少个节点通信 预防脑裂 N/2+1
discovery.zen.minimum_master_nodes: 1
#初始化主节点
#cluster.initial_master_nodes: ["node-1"] #本地只有一个节点,无法正常启动,先注释
#master节点列表,让集群的其他节点找到它
discovery.zen.ping.unicast.hosts: ["10.25.9.93"]
保存 :wq
开启之前:
注意:elasticsearch不支持root用户启动,所以需要新建一个用户,并把解压后的目录权限赋给新建用户。
新建用户 es:useradd es
groupadd bigdata
useradd es
passwd es elasticsearch
usermod -G bigdata es
修改目录属主:
chown -R es:bigdata /usr/local/es-8.5.0/elasticsearch/
服务器参数修改:
vi /etc/sysctl.conf
vm.max_map_count=262144
重启生效:sysctl -p
vi /etc/security/limits.conf
#新增如下内容在limits.conf文件中
* soft nofile 655360
* hard nofile 655360
* soft nproc 40960
* hard nproc 40960
防火墙
#将9200加入白名单
firewall-cmd --zone=public --add-port=9200/tcp --permanent
#刷新防火墙
systemctl restart firewalld.service
启动脚本
su es
cd /usr/local/es-8.5.0/elasticsearch/bin
./elasticsearch -d
访问认证配置
正常情况 elasticsearch开启了认证和http加密
修改elasticsearch.yml 中的参数
xpack.security.enabled: 首次验证 改为 false 重启 即可直接访问 http://ip:9200
将参数修改 xpack.security.enabled: true
web访问 https://10.25.9.93:9200
kill -9 pid 重启 访问 https://10.25.9.93:9200
{
"name" : "node-1",
"cluster_name" : "czty-elastic",
"cluster_uuid" : "7c4cevXhSCKYWZl_Z8gyoQ",
"version" : {
"number" : "8.5.0",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "c94b4700cda13820dad5aa74fae6db185ca5c304",
"build_date" : "2022-10-24T16:54:16.433628434Z",
"build_snapshot" : false,
"lucene_version" : "9.4.1",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
设置密码
root 账户下
cd /elasticsearch/bin/
./elasticsearch-setup-passwords interactive
问题
./elasticsearch-setup-passwords interactive
Failed to authenticate user 'elastic' against https://10.25.9.93:9200/_security/_authenticate?pretty
Possible causes include:
* The password for the 'elastic' user has already been changed on this cluster
* Your elasticsearch node is running against a different keystore
This tool used the keystore at /usr/local/es-8.5.0/elasticsearch/config/elasticsearch.keystore
You can use the `elasticsearch-reset-password` CLI tool to reset the password of the 'elastic' user
ERROR: Failed to verify bootstrap password
报错: Failed to authenticate user 'elastic' against??????
需要将默认es 默认账户密码重置
./elasticsearch-reset-password -u elastic -i
非root 用户开启报错:
linux elasticsearch8 开启 Exception in thread "main" java.nio.file.AccessDeniedException: /usr/local/elasticsearch.keystore
无权限访问 文件:
执行cd config
chown -R es:bigdata /usr/local/es-8.5.0/elasticsearch/bin/elasticsearch.keystore