centos7中es安装

原文连接：http://www.duozhi.online/2023/10/20/centos7%e4%b8%ades%e5%ae%89%e8%a3%85/

1.节点信息

192.168.0.215

192.168.0.216

192.168.0.217

ansible上的hosts配置

[root@MES-203 ansible]# cat hosts 
[k8s]
192.168.0.203 ansible_ssh_user=root ansible_ssh_pass=admin
192.168.0.204 ansible_ssh_user=root ansible_ssh_pass=admin
[pg]
192.168.0.205 ansible_ssh_user=root ansible_ssh_pass=admin
192.168.0.206 ansible_ssh_user=root ansible_ssh_pass=admin
[redis]
192.168.0.208 ansible_ssh_user=root ansible_ssh_pass=admin
192.168.0.209 ansible_ssh_user=root ansible_ssh_pass=admin
[es]
192.168.0.215 ansible_ssh_user=root ansible_ssh_pass=admin
192.168.0.216 ansible_ssh_user=root ansible_ssh_pass=admin
192.168.0.217 ansible_ssh_user=root ansible_ssh_pass=admin

2.关闭防火墙

我是通过203上的ansible操作的
[root@MES-203 ansible]# ansible es -m shell -a "systemctl disable firewalld&&systemctl stop firewalld&&systemctl daemon-reload"

3.yum 源配置

[root@MES-203 ansible]# ansible es -m shell -a "mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak"

[root@MES-203 ansible]# ansible es -m shell -a "cd /etc/yum.repos.d&&wget -O CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo"

[root@MES-203 ansible]# ansible es -m shell -a "wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo"

4.时间同步

[root@MES-203 ansible]# ansible es -m shell -a "yum install chrony -y"

[root@MES-203 ansible]# ansible es -m shell -a "systemctl enable chronyd&&systemctl start chronyd&&chronyc sources"

5.安装es

5.1修改服务器文件描述符(三个节点都操作)

[root@sjyt-node-1 src]#vim /etc/security/limits.conf
底部添加如下两项
* soft nofile 65535
* hard nofile 65535

5.2修改max_map_count值(三个节点都操作)

sysctl -w vm.max_map_count=655360
echo 'vm.max_map_count=655360' >> /etc/sysctl.conf 
sysctl -p

5.3下载安装包

ansible es -m shell -a "cd  /home/es&& curl -O https://mirrors.tuna.tsinghua.edu.cn/elasticstack/7.x/yum/7.10.1/elasticsearch-7.10.1-x86_64.rpm"

5.4安装

ansible es -m shell -a " cd  /home/es&&rpm -ivh elasticsearch-7.10.1-x86_64.rpm"

5.5生成证书（因为我这里配置es登陆需要密码）

创建目录

ansible es -m shell -a " mkdir /etc/elasticsearch/cert.d "

在215上操作如下
生成证书
/usr/share/elasticsearch/bin/elasticsearch-certutil cert -out /etc/elasticsearch/cert.d/elastic-certificates.p12 -pass ""

复制到其他两个节点
scp  /etc/elasticsearch/cert.d/elastic-certificates.p12 root@192.168.0.216:/etc/elasticsearch/cert.d/
scp  /etc/elasticsearch/cert.d/elastic-certificates.p12 root@192.168.0.216:/etc/elasticsearch/cert.d/

5.6修改目录权限

ansible es -m shell -a "chown -Rf elasticsearch:elasticsearch /etc/elasticsearch/cert.d/"

5.7创建数据目录并修改权限

ansible es -m shell -a " mkdir -p /home/es/data"
ansible es -m shell -a " chown -Rf elasticsearch:elasticsearch /home/es"

5.8修改各个节点的配置

215

[root@SEARCH-215 elasticsearch]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.215 SEARCH-215
192.168.0.216 SEARCH-216
192.168.0.217 SEARCH-217

[root@SEARCH-215 elasticsearch]# cat /etc/elasticsearch/elasticsearch.yml grep -v '#'grep -v '^$'
cluster.name: my-application
node.name: SEARCH-215
path.data: /home/es/data
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["192.168.0.215", "192.168.0.216", "192.168.0.217"]
cluster.initial_master_nodes: ["SEARCH-215", "SEARCH-216", "SEARCH-217"]
http.cors.enabled: true
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/cert.d/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/cert.d/elastic-certificates.p12

216

[root@SEARCH-215 elasticsearch]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.215 SEARCH-215
192.168.0.216 SEARCH-216
192.168.0.217 SEARCH-217

[root@SEARCH-216 cert.d]# cat /etc/elasticsearch/elasticsearch.yml grep -v '#'grep -v '^$'
cluster.name: my-application
node.name: SEARCH-216
path.data: /home/es/data
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["192.168.0.215", "192.168.0.216", "192.168.0.217"]
cluster.initial_master_nodes: ["SEARCH-215", "SEARCH-216", "SEARCH-217"]
http.cors.enabled: true
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/cert.d/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/cert.d/elastic-certificates.p12

217

[root@SEARCH-215 elasticsearch]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.215 SEARCH-215
192.168.0.216 SEARCH-216
192.168.0.217 SEARCH-217

[root@SEARCH-217 cert.d]# cat /etc/elasticsearch/elasticsearch.yml grep -v '#'grep -v '^$'
cluster.name: my-application
node.name: SEARCH-217
path.data: /home/es/data
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["192.168.0.215", "192.168.0.216", "192.168.0.217"]
cluster.initial_master_nodes: ["SEARCH-215", "SEARCH-216", "SEARCH-217"]
http.cors.enabled: true
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/cert.d/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/cert.d/elastic-certificates.p12

5.9启动es并设置开机启动

ansible es -m shell -a " systemctl enable elasticsearch.service&&systemctl start elasticsearch.service"

5.10生成密码，后面kibana要用

215上操作即可

[root@SEARCH-215 elasticsearch]# /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y
 
 
Changed password for user apm_system
PASSWORD apm_system = zBPaGISyN9m6qUCoGsFp
 
Changed password for user kibana_system
PASSWORD kibana_system = EnsrtwPFPaOnCARPVzBT
 
Changed password for user kibana
PASSWORD kibana = EnsrtwPFPaOnCARPVzBT
 
Changed password for user logstash_system
PASSWORD logstash_system = If45EppAecsAopUUl46F
 
Changed password for user beats_system
PASSWORD beats_system = mkVyjNqrp4zrXZIzvqQG
 
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = 2sTPKEvwHI2v5Gjr9z1s
 
Changed password for user elastic
PASSWORD elastic = tPtXYtJu3NJJSX5lenaq
 
[root@SEARCH-215 elasticsearch]# 

5.11验证

6.关键目录

[root@SEARCH-215 elasticsearch]# find / -type d -name elasticsearch
/run/elasticsearch
/etc/elasticsearch
/var/lib/elasticsearch
/var/log/elasticsearch
/usr/share/elasticsearch

参考文献

https://blog.csdn.net/xjjj064/article/details/113348492