前言:去年公司为了实现电子书在线阅读的全文检索,前期调研并使用阿里云的opensearch,后期又切回了es,当时以为es8要求jdk版本高会和项目有冲突,所以选择了es的7.14.0版本。最近发现,es其实是自带jdk的,才转过来这个弯,es的jdk和项目本身没有什么关系。所以这里对es8做下简单了解,毕竟一个大版本的升级,效率上还是有很大提升的。
安装步骤
- 下载,我们去官网下载8.2.3版本的elasticsearch,虽然当前最新版本是8.3.2,但是后面我们要用到的ik分词器现在只支持到8.2.3。发挥拿来主义,先用8.2.3,下载地址
- 准备一台虚拟机做服务器,ip地址10.168.1.110,除root用户外新建用户es:es,用来启动es。上传下载的文件到服务器
/opt/software
目录下。 - 解压,
tar -zxvf elasticsearch-8.2.3-linux-x86_64.tar.gz
- 修改配置文件,config目录下的elasticsearch.yml,内容如下
#集群名
cluster.name: myes8
#节点名
node.name: node-1
#绑定ip地址
network.host: 0.0.0.0
#暴露的http端口
http.port: 9200
#内部通信端口
transport.profiles.default.port: 9300
#索引目录
path.data: /opt/software/elasticsearch-8.2.3/data
#日志目录
path.logs: /opt/software/elasticsearch-8.2.3/logs
# 允许通配符删除索引
action.destructive_requires_name: true
# 配置集群初始时,作为master的主机,单节点时配置本节点名称(node.name)
# 必须使用完整的 node.name
# 重新启动集群或向现有集群添加新节点时,不要使用此设置
cluster.initial_master_nodes: ["node-1"]
# 配置启动时要发现的master列表(IP 或 可解析的域名),端口默认为9300
# 单节点时不用配置或配置为本节点IP
discovery.seed_hosts: ["10.168.1.110:9300"]
#使用head等插件监控集群信息,需要打开以下配置项
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
根据自己的内存调整jvm.options
- 修改所在文件夹归属用户为es
chown -R es:es /opt/software/elasticsearch-8.2.3
- 切换为es用户,并执行bin目录下的启动命令
[root@192 elasticsearch-8.2.3]# su es
[es@192 elasticsearch-8.2.3]$ cd bin
[es@192 bin]$ ./elasticsearch
出现错误信息:bootstrap check failure [1] of [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
切换到root用户,修改 /etc/sysctl.conf
增加 vm.max_map_count=262145
并执行sysctl -p
使其生效。
再次启动,可以看到启动成功,并打印出了密码信息:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.
ℹ️ Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):
fKQ9xzUrmg3ElzlVjziX
ℹ️ HTTP CA certificate SHA-256 fingerprint:
270d1b067f1aa00cb44f0c11defde1cf24781fa466fe4e2723192ceb660285d3
ℹ️ Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjIuMyIsImFkciI6WyIxMC4xNjguMS4xMTA6OTIwMCJdLCJmZ3IiOiIyNzBkMWIwNjdmMWFhMDBjYjQ0ZjBjMTFkZWZkZTFjZjI0NzgxZmE0NjZmZTRlMjcyMzE5MmNlYjY2MDI4NWQzIiwia2V5IjoiLTZ1R1FJSUJJYktXN2wtM2ZpZjg6UGd0TlpPSHdTLW1EeXhLY0JEN0hTdyJ9
ℹ️ Configure other nodes to join this cluster:
• Copy the following enrollment token and start new Elasticsearch nodes with `bin/elasticsearch --enrollment-token <token>` (valid for the next 30 minutes):
eyJ2ZXIiOiI4LjIuMyIsImFkciI6WyIxMC4xNjguMS4xMTA6OTIwMCJdLCJmZ3IiOiIyNzBkMWIwNjdmMWFhMDBjYjQ0ZjBjMTFkZWZkZTFjZjI0NzgxZmE0NjZmZTRlMjcyMzE5MmNlYjY2MDI4NWQzIiwia2V5IjoiX2F1R1FJSUJJYktXN2wtM2Z5Y3g6MVdfSVF6SlpSUlcwY3ZOeTJyYlBSUSJ9
If you're running in Docker, copy the enrollment token and run:
`docker run -e "ENROLLMENT_TOKEN=<token>" docker.elastic.co/elasticsearch/elasticsearch:8.2.3`
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
配置文件里也多了一些内容
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 27-07-2022 16:34:57
#
# --------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
新增配置 ingest.geoip.downloader.enabled: false 关闭geoip更新。
关闭安全验证 xpack.security.enabled: false
如果不想使用https,修改
xpack.security.http.ssl:
enabled: false
-
重启es,访问
http://10.168.1.110:9200
就可以看到es的信息了。