前言:
ElasticSearch 7.5默认自带x-pack认证,开启后可提高集群安全性。
配置文件位置:
程序配置文件:/etc/elasticsearch/elasticsearch.yml
jvm配置文件:/etc/elasticsearch/jvm.options
1. 确认基础环境
确认主机limit相关参数
grep vm.max_map_count /etc/sysctl.conf && sed -i "s@vm.max_map_count.*@vm.max_map_count=655360@g" /etc/sysctl.conf || echo 'vm.max_map_count=655360' >>/etc/sysctl.conf
sysctl -p
确认主机无其他ElasticSearch软件包
rpm -qa | grep elasticsearch >/dev/null && echo exists || echo yes#执行此命令输出为yes即可
2. 使用YUM源进行安装
yum install jdk1.8.0_131 -y
yum install elasticsearch-7.5.2 -y
3. 修改配置
修改cluster.name配置
修改network.host配置为0.0.0.0
修改cluster.initial_master_nodes为本机提供服务的IP
修改gateway.recover_after_nodes为1
4. 设置密码
修改配置文件,增加配置,开启认证
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
5. 安装IK分词
/usr/share/elasticsearch/bin/elasticsearch-plugin install file:///root/elasticsearch-analysis-ik-7.5.2.zip
由于elastic官方未提供ik分词插件,需下载插件进行安装。下载地址为https://web.chinamcloud.com/k8s/ik/elasticsearch-analysis-ik-7.5.2.zip
wget https://web.chinamcloud.com/k8s/ik/elasticsearch-analysis-ik-7.5.2.zip
https://web.chinamcloud.com/k8s/ik/elasticsearch-analysis-ik-7.5.2.zip
6.启动服务:
|
7. 初始化elastic用户密码(根据提示输入对应用户密码)
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
8. 单点配置文件实例(/etc/elasticsearch/elasticsearch.yml)
cluster.name: elasticsearch
node.name: master
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: false
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["master"]
cluster.initial_master_nodes: ["master"]
node.master: true
node.data: true
node.ingest: true
http.cors.enabled: true
http.cors.allow-origin: "*"
indices.fielddata.cache.size: 30%
cluster.max_shards_per_node: 50000
启用x-pack认证后,认证问题:
wget http://web.chinamcloud.com/elasticsearch/x-pack-core-7.5.2.jar 破解后得jar文件
cp x-pack-core-7.5.2.jar /usr/share/elasticsearch/modules/x-pack-core/ 覆盖原有文件
systemctl restart elasticsearch
curl http://172.19.30.46:9200/_xpack/license --user elastic:密码