- Environment: Linux 7, Elasticsearch 7.10.1, Kibana 7.10.1
- Download ELK: https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.1-linux-x86_64.tar.gz
- https://artifacts.elastic.co/downloads/kibana/kibana-7.10.1-linux-x86_64.tar.gz
- https://artifacts.elastic.co/downloads/logstash/logstash-7.10.1-linux-x86_64.tar.gz
- After the download completes, upload the archives to the server.
- Extract Elasticsearch into two directories: elasticsearch-7-master and elasticsearch-7-node
- Configuration: some system limits need to be raised so that ES does not fail at startup.
```
vim /etc/security/limits.conf
* soft nofile 65537
* hard nofile 65537
* soft nproc 65537
* hard nproc 65537

vim /etc/sysctl.conf
vm.max_map_count = 262144
net.core.somaxconn = 65535
net.ipv4.ip_forward = 1
```
- Create the user and group: ES cannot be started as root, so create a group named elastic and a user named elastic.
```
# Create the group
groupadd elastic
# Create the user
useradd elastic -g elastic
```
- Create the data and logs directories and give ownership to elastic:
```
## Create the ES directories
mkdir -p /var/elastic/data
mkdir -p /var/elastic/logs
mkdir -p /var/elasticX/data
mkdir -p /var/elasticX/logs
## Assign ownership
chown -R elastic:elastic /var/elastic
chown -R elastic:elastic /var/elasticX
chown -R elastic:elastic /usr/local/elasticsearch-7-master
chown -R elastic:elastic /usr/local/elasticsearch-7-node
```
- Edit the configuration files. Master configuration file: elasticsearch.yml. The configuration file must not contain Chinese characters.
```
cluster.name: my-application
node.name: node1-serasp
node.max_local_storage_nodes: 2
node.attr.rack: r1
path.data: /var/elastic/data
path.logs: /var/elastic/logs
# 0.0.0.0 binds every interface; limit exposure with the firewall
network.host: 0.0.0.0
network.publish_host: xx.xx.xx.xx
http.port: 9200
transport.tcp.port: 9300
discovery.seed_hosts: ["xx.xx.xx.xx:9301"]
# Entries must match the node.name of the master-eligible nodes
cluster.initial_master_nodes: ["node1","node2"]
xpack.security.enabled: true
http.cors.enabled: true
# "*" accepts any origin; list the required origins in production
http.cors.allow-origin: "*"
transport.tcp.compress: true
node.master: true
## Transport TLS between nodes
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
```
- Node configuration file: xx.xx.xx.xx stands for the IP address of your own machine.
```
cluster.name: my-application
node.name: node1-serasp
node.max_local_storage_nodes: 2
node.attr.rack: r1
path.data: /var/elasticX/data
path.logs: /var/elasticX/logs
# 0.0.0.0 binds every interface; limit exposure with the firewall
network.host: 0.0.0.0
network.publish_host: xx.xx.xx.xx
http.port: 9201
transport.tcp.port: 9301
discovery.seed_hosts: ["xx.xx.xx.xx:9300"]
# Entries must match the node.name of the master-eligible nodes
cluster.initial_master_nodes: ["node1","node2"]
xpack.security.enabled: true
http.cors.enabled: true
# "*" accepts any origin; list the required origins in production
http.cors.allow-origin: "*"
transport.tcp.compress: true
node.master: false
## Transport TLS between nodes
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
```
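- Generate the p12 key files:
Go to the ES master node directory /usr/local/elasticsearch-7-master and follow the steps below to generate the certificate files, running each command from the installation root:
```
# Step 1: press Enter to accept the default file name, then enter a password
./bin/elasticsearch-certutil ca

# Step 2: enter the password from step 1, press Enter to accept the default
# file name, then enter a password (using the same one as step 1 is recommended)
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

# Step 3: enter the password from step 1
bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password

# Step 4: enter the password from step 1
bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
```
Move the generated elastic-certificates.p12 and elastic-stack-ca.p12 files into the config directory, then copy them, together with the elasticsearch.keystore file, into the config directory of the other nodes.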
- Start the master node. Switch to the elastic user first: `su elastic`
- Start in background mode:
```
./bin/elasticsearch -d -p node.pid
```
- After startup, open the firewall port:
```
# List all currently open firewall ports
firewall-cmd --list-all
# Open a port (runtime only)
firewall-cmd --add-port=9200/tcp
# Open a port permanently
firewall-cmd --permanent --add-port=9200/tcp
```
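- Once the node has started successfully, run the following command to generate the passwords automatically, and record the passwords it prints:
```
bin/elasticsearch-setup-passwords auto
```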
- Visit: http://xxx:9200/_cluster/health?pretty
- This shows the cluster information.
- Then start the node instance.
- Visit the URL again to see the updated cluster state.
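- Kibana configuration: set the user name and password generated earlier, start Kibana, and open the Kibana port; it can then be reached remotely.
```
elasticsearch.username: "kibana"
# Password generated for the kibana user in the previous step
elasticsearch.password: ""
```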
- When accessing Kibana, log in as the superuser with the user name elastic and its password.
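
Before starting the nodes, the elasticsearch.yml files from the steps above can be checked for the settings that matter for security and cluster bootstrap. The script below is an added example, not part of the original page; the function names and finding codes are made up here, and the sample file is constructed from the master settings with the transport TLS line left commented out by `##`.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and finding
# codes are made up for this sketch; it reads only flat "key: value" lines.

# yml_get FILE KEY: print the value of an uncommented "KEY: value" line.
yml_get() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }                  # commented-out settings do not count
    { line = $0; sub(/^[ \t]+/, "", line) }
    index(line, k ":") == 1 {
      v = substr(line, length(k) + 2)
      gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
    }' "$1"
}

# audit_es_yml FILE: print a space-separated list of findings (empty = clean).
audit_es_yml() {
  f=$1; out=""
  [ "$(yml_get "$f" xpack.security.enabled)" = "true" ] || out="$out SECURITY_DISABLED"
  [ "$(yml_get "$f" xpack.security.transport.ssl.enabled)" = "true" ] || out="$out TRANSPORT_TLS_OFF"
  if [ "$(yml_get "$f" http.cors.enabled)" = "true" ]; then
    case "$(yml_get "$f" http.cors.allow-origin)" in
      '"*"'|"'*'"|'*') out="$out CORS_WILDCARD" ;;
    esac
  fi
  # A master-eligible node must find its own node.name in initial_master_nodes.
  name=$(yml_get "$f" node.name)
  nodes=$(yml_get "$f" cluster.initial_master_nodes)
  if [ "$(yml_get "$f" node.master)" = "true" ] && [ -n "$nodes" ]; then
    case "$nodes" in
      *"\"$name\""*) ;;
      *) out="$out BOOTSTRAP_NAME_MISMATCH" ;;
    esac
  fi
  echo "${out# }"
}

# Constructed sample input for the demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
node.name: node1-serasp
network.host: 0.0.0.0
cluster.initial_master_nodes: ["node1","node2"]
xpack.security.enabled: true
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
## xpack.security.transport.ssl.enabled: true
EOF
audit_es_yml "$sample"
```

An empty result means none of the four checks fired; the script does not validate the certificates or the keystore contents.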