Elasticsearch Deployment

Introduction

Elasticsearch is the distributed search and analytics engine at the core of the Elastic Stack. It is an open-source search engine built on Apache Lucene(TM), which, in both the open-source and proprietary worlds, can be considered the most advanced, best-performing and most feature-complete search engine library available to date.
Lucene, however, is only a library. To make use of it you have to work in Java and integrate it into your own application. Lucene is complex, and you need a deep understanding of information retrieval to follow how it works.

Logstash and Beats help collect, aggregate and enrich data and store it in Elasticsearch. Kibana lets you explore, visualize and share insights into that data interactively, and manage and monitor the stack. Elasticsearch is where the indexing, search and analysis magic happens.

Elasticsearch is also written in Java and uses Lucene for indexing and search, but its goal is to make full-text search simple through a coherent RESTful API that hides Lucene's complexity.
Elasticsearch is more than Lucene plus a full-text search engine, though. It also provides:

  • a distributed real-time document store in which every field is indexed and searchable
  • a distributed search engine for real-time analytics
  • horizontal scaling to hundreds of servers, handling petabytes of structured or unstructured data

Not every problem is a search problem, but Elasticsearch offers the speed and flexibility to handle data across a range of use cases:

  • adding a search box to an application or website

  • storing and analyzing logs, metrics and security event data

  • using machine learning to model the behaviour of real-time data automatically

  • using Elasticsearch as a storage engine to automate business workflows

  • using Elasticsearch as a geographic information system (GIS) to manage, integrate and analyze spatial information

  • using Elasticsearch as a bioinformatics research tool to store and process genetic data

Official website link attached

Installation

2022-10-01: updated to 8.4.1

2023-01-15: updated to 8.6.0

Tarball installation

Add a user

# Create the account
useradd es
# Set its password
passwd es
# Add the es user to the root group (the comment and the arguments must agree:
# usermod -aG <group> <user>)
usermod -aG root es
sudo yum install -y wget
# Grant sudo rights; visudo validates the syntax before saving
sudo visudo
# Add a line: es ALL=(ALL) ALL
su es
# Take ownership of the install directory (run from /home/es)
sudo chown es ./

CentOS system configuration

max file

Edit

sudo vim /etc/security/limits.conf

Add

* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536

Apply

# limits.conf is applied by pam_limits.so at login and cannot be sourced:
# log out and back in (or open a new SSH session), then verify the new limits
ulimit -n
ulimit -a

virtual memory

# Append the line vm.max_map_count=655360. A plain `sudo echo ... >> file` fails
# because the redirection runs as the unprivileged user; tee -a runs under sudo
echo 'vm.max_map_count=655360' | sudo tee -a /etc/sysctl.conf
# Reload the kernel parameters
sudo sysctl -p

Download

Download page or ES start

Download

cd /home/es/
mkdir tools && cd tools
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.6.0-linux-x86_64.tar.gz
wget -b https://artifacts.elastic.co/downloads/kibana/kibana-8.6.0-linux-x86_64.tar.gz
wget -b https://artifacts.elastic.co/downloads/logstash/logstash-8.6.0-linux-x86_64.tar.gz

Extract

cd /home/es/
tar -zxf /home/es/tools/elasticsearch-8.6.0-linux-x86_64.tar.gz -C /home/es/
tar -zxf /home/es/tools/kibana-8.6.0-linux-x86_64.tar.gz -C /home/es/
mv /home/es/elasticsearch-8.6.0 /home/es/elasticsearch
mv /home/es/kibana-8.6.0 /home/es/kibana

Core configuration

Elasticsearch

Configure certificates

/home/es/elasticsearch/bin/elasticsearch-certutil ca
# Please enter the desired output file [elastic-stack-ca.p12]: enter a file name
# Enter password for elastic-stack-ca.p12 : enter a password
/home/es/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
# Enter password for CA (elastic-stack-ca.p12) : enter the password from above
# Please enter the desired output file [elastic-certificates.p12]: enter this node's name
# (keep the default file name so the mv below still matches)
# Enter password for elastic-certificates.p12 : enter this node's password
mv /home/es/elasticsearch/elastic-certificates.p12 /home/es/elasticsearch/config/
# If the PKCS#12 file was given a password, store it in the ES keystore; otherwise
# the node cannot open the certificate at startup
/home/es/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
/home/es/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

Back up

cp /home/es/elasticsearch/config/elasticsearch.yml  /home/es/elasticsearch/config/elasticsearch.yml-bak

Edit

cat > /home/es/elasticsearch/config/elasticsearch.yml <<EOF
# Cluster name; must be unique among clusters, default is elasticsearch
cluster.name: cluster1
# Node description
node.name: es-node1
#node.attr.rack: r1
# Data path, default elasticsearch/data
#path.data: /path/to/data
# Log path, default elasticsearch/logs
#path.logs: /path/to/logs
#bootstrap.memory_lock: true
# Bind address; 0.0.0.0 makes the node reachable on every interface
network.host: 0.0.0.0
# HTTP port for external clients (the transport port, 9300 by default, carries
# the TCP traffic between cluster nodes)
http.port: 49200
transport.port: 49300
#discovery.seed_hosts: ["host1", "host2"]
# Nodes eligible to form the initial cluster; on a single node, the node name above
cluster.initial_master_nodes: ["es-node1"]
#readiness.port: 9399
#action.destructive_requires_name: false
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: false
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  # TLS is disabled on the HTTP API here. With network.host 0.0.0.0 the basic-auth
  # credentials Kibana and curl send travel in cleartext, so restrict the bind
  # address or enable TLS before exposing the port
  enabled: false
  # keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: elastic-certificates.p12
  truststore.path: elastic-certificates.p12
EOF
cat /home/es/elasticsearch/config/elasticsearch.yml

Kibana

Copy the configuration

cp  /home/es/kibana/config/kibana.yml  /home/es/kibana/config/kibana.yml-bak

Edit the configuration

cat > /home/es/kibana/config/kibana.yml <<EOF
server.port: 45601
server.host: "192.168.15.68"
server.name: "kibana-host2"
# Reverse-proxy settings
# server.basePath: "/kibana"
# server.rewriteBasePath: true
elasticsearch.hosts: ["http://192.168.15.68:49200"]
elasticsearch.username: "maxzhao"
elasticsearch.password: "maxzhao."
i18n.locale: "zh-CN"
EOF
cat /home/es/kibana/config/kibana.yml

Start

# -d daemonizes; -p writes the PID to a file named 88888 (handy for pkill -F later)
/home/es/elasticsearch/bin/elasticsearch -d -p 88888
tail -f /home/es/elasticsearch/logs/cluster1.log
/home/es/kibana/bin/kibana

Initialize the ES password

# Reset the elastic password interactively
/home/es/elasticsearch/bin/elasticsearch-reset-password --url "http://127.0.0.1:49200" --username elastic -i
# Test the new password
curl -u elastic:elastic. 127.0.0.1:49200
# Reset all built-in users (deprecated since 8.0 in favour of elasticsearch-reset-password)
/home/es/elasticsearch/bin/elasticsearch-setup-passwords interactive
# List file-realm users
/home/es/elasticsearch/bin/elasticsearch-users list
# Add a user
/home/es/elasticsearch/bin/elasticsearch-users useradd maxzhao -p maxzhao. -r apm_system
# Change roles (-r removes, -a adds). The list below ends in superuser, which by
# itself grants full cluster control; the other roles add nothing on top of it
/home/es/elasticsearch/bin/elasticsearch-users roles maxzhao -r apm_system -a apm_system,watcher_admin,viewer,logstash_system,rollup_user,kibana_user,beats_admin,remote_monitoring_agent,rollup_admin,snapshot_user,data_frame_transforms_admin,monitoring_user,enrich_user,kibana_admin,logstash_admin,editor,data_frame_transforms_user,machine_learning_user,machine_learning_admin,watcher_user,apm_user,beats_system,transport_client,ingest_admin,superuser

/home/es/elasticsearch/bin/elasticsearch-users
([useradd <username>] [-p <password>] [-r <roles>]) |
([list] <username>) |
([passwd <username>] [-p <password>]) |
([roles <username>] [-a <roles>] [-r <roles>]) |
([userdel <username>])
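A least-privilege check for the file realm populated above, added here as an example (it is not part of the original post): it reads the role:user lines that bin/elasticsearch-users writes to config/users_roles and reports who holds superuser and who has accumulated more roles than a chosen limit. The sample file is constructed inline.

```shell
#!/bin/sh
# Least-privilege audit of the file realm written by bin/elasticsearch-users.
# Added example, not from the original post. config/users_roles holds one
# 'role:user1,user2' line per role; the post's roles -a command gives one user
# about thirty roles including superuser, which is what this flags.

# superusers FILE -> users mapped to the built-in superuser role, one per line
superusers() {
    awk -F: '$1 == "superuser" {
        n = split($2, u, ",")
        for (i = 1; i <= n; i++) if (u[i] != "") print u[i]
    }' "$1"
}

# role_count FILE USER -> number of roles mapped to USER (0 if absent)
role_count() {
    awk -F: -v user="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        { n = split($2, u, ","); for (i = 1; i <= n; i++) if (u[i] == user) c++ }
        END { print c + 0 }' "$1"
}

# audit FILE LIMIT -> prints findings; returns 1 if any user holds superuser
# or more than LIMIT roles, 0 otherwise
audit() {
    file=$1; limit=$2; rc=0
    for u in $(superusers "$file"); do
        echo "FAIL $u holds superuser (full cluster control)"; rc=1
    done
    for u in $(awk -F: 'NF >= 2 && $1 !~ /^[ \t]*#/ { print $2 }' "$file" | tr ',' '\n' | sort -u); do
        c=$(role_count "$file" "$u")
        if [ "$c" -gt "$limit" ]; then
            echo "WARN $u holds $c roles (limit $limit)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample mirroring the post's useradd/roles commands (not a real file)
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
# role:users
apm_system:maxzhao
kibana_user:maxzhao,alice
viewer:alice,bob
superuser:maxzhao
logstash_admin:maxzhao
EOF
audit "$tmp" 3 || :
rm -f "$tmp"
```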

Access

  1. Elasticsearch: http://127.0.0.1:49200/
  2. Kibana: http://localhost:45601

Start in the background

/home/es/elasticsearch/bin/elasticsearch -d -p 88888
nohup /home/es/kibana/bin/kibana >> kibana.log 2>&1 &
tail -f kibana.log

Stop the services

ps -ef|grep elasticsearch
ps -ef|grep kibana
# SIGKILL skips the orderly shutdown; a plain kill <pid> (SIGTERM) lets ES flush and close cleanly
kill -9 xxx
# One-liner
ps -ef|grep '/kibana' | grep -v grep |awk '{print $2}' |xargs -I {} kill '{}'

Startup options

Specify a PID file

The process ID is written to a file, which makes shutting down easy.

/home/es/elasticsearch/bin/elasticsearch -d -p 88888
# -F reads the PID from the file and signals that process
pkill -F 88888

Externalized configuration

/home/es/elasticsearch/bin/elasticsearch -d -Ecluster.name=my_cluster -Enode.name=node_1

Environment variable configuration

export HOSTNAME="host1,host2"
vim /home/es/elasticsearch/config/elasticsearch.yml

Write

node.name:    ${HOSTNAME}
network.host: ${ES_NETWORK_HOST}

Start on boot

vim /etc/rc.d/rc.local

Write

# On CentOS 7 rc.local is skipped unless it is executable: chmod +x /etc/rc.d/rc.local
su es -c "/home/es/elasticsearch/bin/elasticsearch -d -p 88888"
# Use an absolute log path; at boot the working directory is /
su es -c "nohup /home/es/kibana/bin/kibana >> /home/es/kibana.log 2>&1 &"

Install ES plugins

# GeoIP lookups and browser (user-agent) parsing: since 6.7 the ingest-geoip and
# ingest-user-agent plugins ship as bundled modules, so 8.x needs no plugin install
# for them. For any other plugin, install by name:
/home/es/elasticsearch/bin/elasticsearch-plugin install <plugin-name>

Configuration

1. ES directory layout

  1. bin: executable scripts, including the ES startup script
  2. config: configuration directory
  3. jdk: bundled Java runtime
  4. lib: dependency jars and libraries
  5. logs: log files
  6. modules: ES modules
  7. plugins: plugin location
  8. data: index storage directory (user-defined)

2. Core configuration file

elasticsearch/config/elasticsearch.yml

# Cluster name; must be unique among clusters, default is elasticsearch
cluster.name: cluster1
# Node description
node.name: es-node1
# Data path, default elasticsearch/data
#path.data: /path/to/data
# Log path, default elasticsearch/logs
#path.logs: /path/to/logs
# Bind address; 0.0.0.0 makes the node reachable on every interface
network.host: 0.0.0.0
# HTTP port for external clients (the transport port, 9300 by default, carries
# the TCP traffic between cluster nodes)
http.port: 9200
# Nodes eligible to form the initial cluster; on a single node, the node name above
cluster.initial_master_nodes: ["es-node1"]

3. Add a user

On Linux, ES refuses to run as root, so a dedicated user has to be added.

4.1 Generate the ES keys

4.1.1 Generate the root (CA) key

[root@localhost bin]# ./elasticsearch-certutil ca --pem
future versions of Elasticsearch will require Java 11; your Java version from [/opt/module/haoke/jdk1.8.0_141/jre] does not meet this requirement
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.

Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority

By default the 'ca' mode produces a single PKCS#12 output file which holds:
* The CA certificate
* The CA's private key

If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key

Please enter the desired output file [elastic-stack-ca.zip]:

4.1.2 Unzip the root key

[root@localhost bin]# unzip elastic-stack-ca.zip
Archive: elastic-stack-ca.zip
creating: ca/
inflating: ca/ca.crt
inflating: ca/ca.key
总用量 8
-rw-r--r--. 1 root root 1200 327 19:43 ca.crt
-rw-r--r--. 1 root root 1679 327 19:43 ca.key

4.1.3 Generate the node key

[root@localhost bin]# ./elasticsearch-certutil cert --ca-cert ca/ca.crt --ca-key ca/ca.key --pem

4.1.4 Unzip the node key

[root@localhost bin]# unzip certificate-bundle.zip

4.1.5 Custom configuration path

[root@localhost bin]# cd /usr/local/elasticsearch-7.4.2/config
[root@localhost config]# mkdir x-pack

Copy the two folders generated under bin, ca and instance, into the x-pack folder under config.

4.2 Configure the keys

[root@localhost config]# vi elasticsearch.yml

Append the following at the end:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# The xpack.ssl.* keys below are the generic fallback for the 7.x line; they are
# deprecated in 7.x and removed in 8.0, where the per-layer form
# xpack.security.transport.ssl.{key,certificate,certificate_authorities,...} is used
xpack.ssl.key: x-pack/instance/instance.key
xpack.ssl.certificate: x-pack/instance/instance.crt
xpack.ssl.certificate_authorities: x-pack/ca/ca.crt
xpack.ssl.verification_mode: certificate
xpack.ssl.client_authentication: required

4.3 Restart ES

4.3.1 Stop the service

[root@localhost config]# jps
28696 Elasticsearch
29977 Jps
[root@localhost config]# kill 28696

4.3.2 Start the service

[root@localhost bin]# cd /usr/local/elasticsearch-7.4.2/bin
[root@localhost bin]# ./elasticsearch -d

4.4 Set passwords

[root@localhost bin]# ./elasticsearch-setup-passwords interactive
future versions of Elasticsearch will require Java 11; your Java version from [/opt/module/haoke/jdk1.8.0_141/jre] does not meet this requirement
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

Problems:

max file descriptors [4096] for elasticsearch process is too low

Edit

sudo vim /etc/security/limits.conf

Add

* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536

Apply

# limits.conf is applied by pam_limits.so at login and cannot be sourced:
# log out and back in, then check with ulimit -n
ulimit -n

max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

sudo vim  /etc/sysctl.conf
# Add a line: vm.max_map_count=655360
# Reload the parameters
sudo sysctl -p

Note: when this error appears under Docker or k8s, change the parameter on the host or the node, not in the container image.

elasticsearch.yml

# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
# Cluster name; must be unique among clusters, default is elasticsearch
cluster.name: my-cluster
# Node description
node.name: es-node1
# Node roles, defaults shown
# node.roles: ["master","data","data_content","data_hot","data_warm","data_cold","data_frozen","ingest","ml","remote_cluster_client","transform"]
# Add custom attributes to the node:
#node.attr.rack: r1
# Data path, default elasticsearch/data
#path.data: /path/to/data
path:
  # several data directories may be listed (deprecated since 7.13; a real config
  # lists distinct directories)
  data:
    - /var/data/elasticsearch
    - /var/data/elasticsearch
    - /var/data/elasticsearch
  # Log path, default elasticsearch/logs; the key is logs and takes a single directory
  #path.logs: /path/to/logs
  logs: /var/log/elasticsearch
# Bind address; the node is reachable on this interface
network.host: 192.168.2.8
# HTTP port for external clients (the transport port, 9300 by default, carries
# the TCP traffic between cluster nodes)
http.port: 9200
# Cluster discovery
# The default list of hosts is ["127.0.0.1", "[::1]"]
discovery.seed_hosts: ["192.168.2.9", "192.168.2.10:9300"]
# Nodes eligible to form the initial cluster (the master is elected from them);
# on a single node, the node name above
cluster.initial_master_nodes: ["es-node1"]
#bootstrap.memory_lock: true
# Require an explicit index name when deleting:
#action.destructive_requires_name: true

kibana.yml

# Port
server.port: 5601
# Local IP
server.host: "192.168.2.2"
# Path at which Kibana is mounted when behind a proxy.
# server.rewriteBasePath tells Kibana whether it should strip the basePath from requests.
# This setting must not end in a slash.
#server.basePath: ""
# Rewrite requests prefixed with server.basePath; defaults to true.
#server.rewriteBasePath: false
# Specifies the public URL at which Kibana is available for end users. If
# `server.basePath` is configured this URL should end with the same basePath.
#server.publicBaseUrl: ""
# Maximum request payload size
#server.maxPayload: 1048576
# Server name
#server.name: "your-hostname"
# Elasticsearch instances.
elasticsearch.hosts: ["http://192.168.2.2:9200"]

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards, and creates it if it does not already exist.
#kibana.index: ".kibana"
# The default application to load.
#kibana.defaultAppId: "home"
# If Elasticsearch is protected by basic authentication, these settings provide the
# username and password the Kibana server uses to maintain the Kibana index at startup.
# Kibana users still authenticate against Elasticsearch, which is proxied through the
# Kibana server.
elasticsearch.username: "maxzhao"
elasticsearch.password: "maxzhao"
xpack.security.sessionTimeout: 600000
# Random string of more than 32 characters (generate your own; the value below is only
# a placeholder) https://www.elastic.co/guide/en/kibana/current/reporting-settings-kb.html
xpack.reporting.encryptionKey: "11112222333344445555666677778888"
# https://www.elastic.co/guide/en/kibana/6.x/using-kibana-with-security.html
xpack.security.encryptionKey: "11112222333344445555666677778888"
# Enables SSL and gives the paths to the PEM-format SSL certificate and key files.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false

# Specifies the path where Kibana creates the process ID file.
#pid.file: /run/kibana/kibana.pid

# Enables you to specify a file where Kibana stores log output.
#logging.dest: stdout

# Set the value of this setting to true to suppress all logging output.
#logging.silent: false

# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
#i18n.locale: "en"

Troubleshooting

limits changes do not take effect

Make sure /etc/pam.d/login contains:

session required pam_limits.so

Make sure /etc/pam.d/sshd contains:

session required pam_limits.so

Make sure /etc/ssh/sshd_config contains:

UsePAM yes
# Restart sshd after the change: systemctl restart sshd
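A pre-flight script covering the CentOS system configuration, the two bootstrap-check errors listed under Problems and the pam_limits point just above, added here as an example rather than taken from the post: it checks the open-file limit, the vm.max_map_count value in a sysctl.conf-style file and whether pam_limits.so is active in a PAM file. The sample files are constructed inline; the thresholds are the values the quoted error messages demand.

```shell
#!/bin/sh
# Pre-flight check for the two bootstrap-check failures quoted on this page
# ("max file descriptors [4096] ... is too low" and "vm.max_map_count [65530]
# is too low"). Added example, not from the original post.

REQ_NOFILE=65535
REQ_MAP_COUNT=262144

# check_limit NAME CURRENT REQUIRED -> 0 if CURRENT is unlimited or >= REQUIRED
check_limit() {
    name=$1; cur=$2; req=$3
    if [ "$cur" = unlimited ] || [ "$cur" -ge "$req" ] 2>/dev/null; then
        echo "ok   $name=$cur (need >= $req)"; return 0
    fi
    echo "FAIL $name=$cur (need >= $req)"; return 1
}

# sysctl_value FILE KEY -> last uncommented numeric value of KEY in a
# sysctl.conf-style file (empty if the key is absent)
sysctl_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1
}

# pam_limits_enabled FILE -> 0 if FILE has an active 'session required pam_limits.so'
# line; without it, limits.conf is silently ignored for that login path
pam_limits_enabled() {
    grep -Eq '^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_limits\.so' "$1"
}

# Constructed sample files so the run below never touches the real host
tmp=$(mktemp -d)
printf 'net.ipv4.ip_forward = 0\nvm.max_map_count=655360\n' > "$tmp/sysctl.conf"
printf 'session    required     pam_limits.so\n' > "$tmp/login"
printf '# pam_limits.so commented out\n#session required pam_limits.so\n' > "$tmp/sshd"

# The current shell's real open-file limit; may legitimately fail on a fresh host
check_limit nofile "$(ulimit -n)" "$REQ_NOFILE" || :
check_limit vm.max_map_count "$(sysctl_value "$tmp/sysctl.conf" vm.max_map_count)" "$REQ_MAP_COUNT"
pam_limits_enabled "$tmp/login" && echo "ok   pam_limits active in login"
pam_limits_enabled "$tmp/sshd" || echo "FAIL pam_limits missing in sshd: ssh sessions ignore limits.conf"
rm -rf "$tmp"
```

Point the functions at /etc/sysctl.conf, /etc/pam.d/login and /etc/pam.d/sshd to audit a real node.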

Post URL: https://github.com/maxzhao-it/blog/post/34329/