Elasticsearch 7.1.1 Cluster + Configuring Authentication - Developer Knowledge Base


Reposted from: weavepub
2019-06-18
I. Install Elasticsearch
1.1 Environment
CentOS 7.6
Elasticsearch 7.1.1
# Mount the data disk
fdisk /dev/vdb
# at the fdisk prompt, enter: n, p, 1, Enter, Enter, wq
fdisk -l
mkfs.ext4 /dev/vdb1
echo '/dev/vdb1 /opt ext4 defaults 0 0' >>/etc/fstab
mount -a
df -h
# Time synchronization
yum install -y ntp
systemctl enable ntpd && systemctl start ntpd
timedatectl set-timezone Asia/Shanghai
timedatectl set-ntp yes
ntpq -p
1.2 Operating system tuning
cat >> /etc/sysctl.conf <<EOF
fs.file-max=655360
vm.max_map_count = 262144
EOF
sysctl -p
vim /etc/security/limits.conf
* soft nproc 20480
* hard nproc 20480
* soft nofile 65536
* hard nofile 65536
* soft memlock unlimited
* hard memlock unlimited
vim /etc/security/limits.d/20-nproc.conf
* soft nproc 20480
1.3 Install the JDK
yum install -y java-1.8.0-openjdk*
vim /etc/profile
# set java environment
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b04-0.el7_6.x86_64
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
source /etc/profile
echo "source /etc/profile" >> /etc/bashrc
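1.4 Install Elasticsearch
# Create the user
# (useradd -p expects an already-hashed password, so the literal string below does not set a usable login password)
groupadd elsearch
useradd elsearch -g elsearch -p elasticsearch
# Download
# (this is a third-party mirror: compare the archive's SHA-512 with the checksum Elastic publishes for 7.1.1 before extracting)
cd /opt
wget https://img.yiyao.cc/elasticsearch-7.1.1-linux-x86_64.tar.gz
tar -zxvf elasticsearch-7.1.1-linux-x86_64.tar.gz
mv elasticsearch-7.1.1 elasticsearch
chown -R elsearch.elsearch ./elasticsearch
# JVM tuning: set the heap to half of physical memory
vim /opt/elasticsearch/config/jvm.options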
-Xms8g
-Xmx8g
# Configure Elasticsearch; all three nodes act as both master and data nodes
# Node 1
cluster.name: wmqees
node.name: es-node1
node.master: true
node.data: true
path.data: /opt/elasticsearch/data
path.logs: /opt/elasticsearch/logs
bootstrap.memory_lock: true
network.host: 172.16.2.141
http.port: 9200
discovery.zen.minimum_master_nodes: 2
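discovery.zen.ping.unicast.hosts: ["172.16.2.141:9300","172.16.2.142:9300","172.16.2.143:9300"]
cluster.initial_master_nodes: ["es-node1", "es-node2", "es-node3"]
http.cors.enabled: true
# "*" lets any web origin send cross-origin requests to port 9200; list only the origins that need it
http.cors.allow-origin: "*"
About the cluster.initial_master_nodes parameter: since Elasticsearch 7 introduced "Bootstrapping a cluster", the first start of an Elasticsearch cluster requires the initial set of master-eligible nodes to be defined explicitly on one or more master-eligible nodes in the cluster. This is called cluster bootstrapping, and it is needed only the first time the cluster starts.
# Node 2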
cluster.name: wmqees
node.name: es-node2
node.master: true
node.data: true
path.data: /opt/elasticsearch/data
path.logs: /opt/elasticsearch/logs
bootstrap.memory_lock: true
network.host: 172.16.2.142
http.port: 9200
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping.unicast.hosts: ["172.16.2.141:9300","172.16.2.142:9300","172.16.2.143:9300"]
cluster.initial_master_nodes: ["es-node1", "es-node2", "es-node3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
# Node 3
cluster.name: wmqees
node.name: es-node3
node.master: true
node.data: true
path.data: /opt/elasticsearch/data
path.logs: /opt/elasticsearch/logs
bootstrap.memory_lock: true
network.host: 172.16.2.143
http.port: 9200
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping.unicast.hosts: ["172.16.2.141:9300","172.16.2.142:9300","172.16.2.143:9300"]
cluster.initial_master_nodes: ["es-node1", "es-node2", "es-node3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
# Start
su - elsearch -c "/opt/elasticsearch/bin/elasticsearch -d"
# Verify
curl http://172.16.2.143:9200
{
  "name" : "es-node3",
  "cluster_name" : "wmqees",
  "cluster_uuid" : "_na_",
  "version" : {
    "number" : "7.1.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "7a013de",
    "build_date" : "2019-05-23T14:04:00.380842Z",
    "build_snapshot" : false,
    "lucene_version" : "8.0.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
curl "localhost:9200/_xpack"
{"build":{"hash":"7a013de","date":"2019-05-23T14:05:50.009976Z"},"license":{"uid":"344f983f-9d20-4476-851a-4172fd669f12","type":"basic","mode":"basic","status":"active"},"features":{"ccr":{"description":"Cross Cluster Replication","available":false,"enabled":true},"graph":{"description":"Graph Data Exploration for the Elastic Stack","available":false,"enabled":true},"ilm":{"description":"Index lifecycle management for the Elastic Stack","available":true,"enabled":true},"logstash":{"description":"Logstash management component for X-Pack","available":false,"enabled":true},"ml":{"description":"Machine Learning for the Elastic Stack","available":false,"enabled":true,"native_code_info":{"version":"7.1.1","build_hash":"fd619a36eb77df"}},"monitoring":{"description":"Monitoring for the Elastic Stack","available":true,"enabled":true},"rollup":{"description":"Time series pre-aggregation and rollup","available":true,"enabled":true},"security":{"description":"Security for the Elastic Stack","available":true,"enabled":false},"sql":{"description":"SQL access to Elasticsearch","available":true,"enabled":true},"watcher":{"description":"Alerting, Notification and Automation for the Elastic Stack","available":false,"enabled":true}},"tagline":"You know, for X"}
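Note: if the license field in the output is not empty, the installation succeeded. Elasticsearch 7 includes X-Pack authentication by default; no registration is needed.
1.5 Start on boot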
vim /etc/init.d/elasticsearch
#!/bin/sh
#chkconfig: 2345 80 05
#description: elasticsearch
#processname: elasticsearch-7.1.1
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b04-0.el7_6.x86_64
export JAVA_BIN=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.212.b04-0.el7_6.x86_64/bin
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export ES_HOME=/opt/elasticsearch
case $1 in
start)
    # run as the unprivileged elsearch user; the here-document ends at the "!" line
    su elsearch<<!
cd $ES_HOME
./bin/elasticsearch -d -p pid
exit
!
    echo "elasticsearch is started"
    ;;
stop)
    pid=`cat $ES_HOME/pid`
    kill -9 $pid
    echo "elasticsearch is stopped"
    ;;
restart)
    pid=`cat $ES_HOME/pid`
    kill -9 $pid
    echo "elasticsearch is stopped"
    sleep 1
    su elsearch<<!
cd $ES_HOME
./bin/elasticsearch -d -p pid
exit
!
    echo "elasticsearch is started"
    ;;
*)
    echo "start|stop|restart"
    ;;
esac
exit 0
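Note: the JDK environment must be specified; otherwise Elasticsearch defaults to its bundled JDK, and the bundled version is too new and has removed the GC.
# Register the service to start at boot
chmod +x /etc/init.d/elasticsearch
chkconfig --add elasticsearch
# Start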
service elasticsearch start
II. Configure TLS and authentication
2.1 Certificate file
Run this on one master node only.
cd /opt/elasticsearch
bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""
Set ownership
chown elsearch.elsearch config/elastic-certificates.p12
2.2 Modify the configuration
cat >> config/elasticsearch.yml <<EOF
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
EOF
Restart Elasticsearch
service elasticsearch restart
Finally, copy the certificate file to the other master nodes, set its ownership there, and apply the same configuration parameters.
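As an added example (not part of the original article), the shell functions below audit an elasticsearch.yml for the settings section 2.2 adds and for two things this article's configuration leaves open: the HTTP layer on port 9200 has no TLS, and section 1.4 sets http.cors.allow-origin to "*". The function names and the embedded sample file are constructed for illustration.

```shell
# Added example, not from the original article; function names are made up here.
# yml_get FILE KEY: print the last value of a top-level "KEY: value" line.
yml_get() {
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k ":") == 1 {
            v = substr(line, length(k) + 2)
            sub(/[ \t]+#.*$/, "", v)          # drop a trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", v)    # trim whitespace
            gsub(/^"|"$/, "", v)              # strip double quotes
            val = v
        }
        END { print val }' "$1"
}

# audit_es_yml FILE: print one FAIL/WARN line per weak setting found.
audit_es_yml() {
    [ "$(yml_get "$1" xpack.security.enabled)" = true ] ||
        echo "FAIL xpack.security.enabled is not true: REST API needs no login"
    [ "$(yml_get "$1" xpack.security.transport.ssl.enabled)" = true ] ||
        echo "FAIL transport TLS is off: node-to-node traffic (9300) is cleartext"
    [ "$(yml_get "$1" xpack.security.transport.ssl.verification_mode)" != none ] ||
        echo "FAIL verification_mode is none: peer certificates are not checked"
    [ "$(yml_get "$1" xpack.security.http.ssl.enabled)" = true ] ||
        echo "WARN HTTP TLS is off: passwords cross port 9200 in cleartext"
    if [ "$(yml_get "$1" http.cors.enabled)" = true ] &&
       [ "$(yml_get "$1" http.cors.allow-origin)" = "*" ]; then
        echo "WARN http.cors.allow-origin is \"*\": any web origin is allowed"
    fi
    return 0
}

# sample_yml: constructed copy of the security-relevant lines from this page
# (CORS lines from section 1.4 plus the section 2.2 additions).
sample_yml() {
    cat <<'EOF'
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
EOF
}

tmp=$(mktemp) && sample_yml > "$tmp" && audit_es_yml "$tmp"; rm -f "$tmp"
```

Run against each node's config/elasticsearch.yml after syncing the parameters; a node that missed the section 2.2 lines shows up as FAIL.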
2.3 Set passwords
bin/elasticsearch-setup-passwords interactive
Enter y, then set a password for each of the elastic, apm_system, kibana, logstash_system, beats_system and remote_monitoring_user accounts.
2.4 Configure Kibana
Edit the kibana.yml file
elasticsearch.username: "kibana"
elasticsearch.password: "elasticxxxxxxx"
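Then log in to Kibana with the superuser account elastic. Roles and accounts can be set up in Kibana, and account passwords can also be changed there.
Reference: https://www.elastic.co/cn/blog/getting-started-with-elasticsearch-security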