1),一般启动关闭方式:
1、启动elastic
切换到elasticsearch安装目录的bin目录下,执行如下命令即可
./elasticsearch -d
-d "后台启动"
注意:新版本的Es是不支持liunx的root用户启动的,切换用户的命令如下:
su 用户名
2、启动可视化查询界面
切换到可视化界面kibana的bin命令下,执行如下命令即可
nohup ./kibana &
3、关闭elastic
(1)执行如何如下命令查询进程号
// elasticsearch前面的数字就是进程号
1)jps
// 第一条记录为elastic进程信息,第一列为elastic的用户,第二列为进程号
2)ps -ef | grep elastic
(2)根据进程号关闭elastic
kill -9 进程号
2),Centos7使用systemd 管理elasticsearch,创建elasticsearch服务
注意事项:
使用systemd 管理elasticsearch,需要注意三点:
1、创建系统服务的路径是
/usr/lib/systemd/system/elasticsearch.service
这个是绝对路径,而不是用相对路径/etc/systemd/system/
2、由于启动elasticsearch 需要普通用户,普通用户默认打开文件数是4096,远远不够,需要设置大点的数值
3、 设置service 下的type类型为simple,而不是很多教程上的fork,如果使用fork,当ES创建完子进城后,父进程会退出,你看到的就是 ES一直在不停的重启。以下是常见几种type的介绍:
[Service]区块用来 Service 的配置,只有 Service 类型的 Unit 才有这个区块。它的主要字段如下。
Type:定义启动时的进程行为。它有以下几种值。
Type=simple:默认值,执行ExecStart指定的命令,启动主进程
Type=forking:以 fork 方式从父进程创建子进程,创建后父进程会立即退出
Type=oneshot:一次性进程,Systemd 会等当前服务退出,再继续往下执行
配置elasticsearch 为系统服务分为3步:
1、写配置文件:
vi /usr/lib/systemd/system/elasticsearch.service
[Unit]
Description=elasticsearch
After=network.target
[Service]
Type=simple
User=esuser
Group=esuser
LimitNOFILE=100000
LimitNPROC=100000
Restart=no
ExecStart=/usr/local/elasticsearch-7.9.3/bin/elasticsearch -d
PrivateTmp=true
[Install]
WantedBy=multi-user.target
2、重新加载 systemctl服务
systemctl daemon-reload
3、设置开机启动并启动ES服务
+++++++++++
3),elasticsearch开启账号密码访问
为了提高使用ES的安全性,我们需要自己进行ES的相关配置,开启鉴权登录。
ES配置步骤:
1、需要在配置文件中开启x-pack验证, 修改config目录下面的elasticsearch.yml文件,在里面添加如下内容:
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
2、重启Elasticsearch
3、进入elasticsearch/bin目录,执行
./elasticsearch-setup-passwords interactive
如果提示connect failed,可以尝试 ./elasticsearch-setup-passwords interactive -u 'http://[ip]:9200
[esuser@dominic elasticsearch-7.14.2]$ /usr/local/elasticsearch-7.14.2/bin/elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
passwords must be at least [6] characters long
Try again.
Enter password for [apm_system]:
Reenter password for [apm_system]:
Passwords do not match.
Try again.
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
wget 验证:
[root@dominic ~]# wget http://192.168.56.103:9200
--2022-10-18 17:53:12-- http://192.168.56.103:9200/
Connecting to 192.168.56.103:9200... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Authorization failed.
-- 没有输入密码,验证失败:
[root@dominic ~]# wget --user elastic --password elastic#123 http://192.168.56.103:9200
--2022-10-18 17:53:34-- http://192.168.56.103:9200/
Connecting to 192.168.56.103:9200... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Reusing existing connection to 192.168.56.103:9200.
HTTP request sent, awaiting response... 200 OK
Length: 532 [application/json]
Saving to: ‘index.html’
100%[=================================>] 532 --.-K/s in 0s
2022-10-18 17:53:34 (181 MB/s) - ‘index.html’ saved [532/532]
--输入密码,验证成功(wget --help 可以查看参数)
curl验证:
--未输入验证auth
[esuser@dominic ~]$ curl 192.168.56.103:9200/_cat/shards
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/_cat/shards]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/_cat/shards]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}},"status":401}
--curl 输入对应密码:
[esuser@dominic ~]$ curl --user elastic 192.168.56.103:9200/_cat/shards
Enter host password for user 'elastic':
.tasks 0 p STARTED 4 15.4kb 192.168.56.103 dominic-1
.async-search 0 p STARTED 6 9.7kb 192.168.56.103 dominic-1
.security-7 0 p STARTED 55 268.7kb 192.168.56.103 dominic-1
kibana_sample_data_logs 0 p STARTED 14074 8.2mb 192.168.56.103 dominic-1
.ds-ilm-history-5-2022.10.18-000001 0 p STARTED 192.168.56.103 dominic-1
.apm-custom-link 0 p STARTED 0 208b 192.168.56.103 dominic-1
kibana_sample_data_flights 0 p STARTED 13059 5.3mb 192.168.56.103 dominic-1
.kibana_7.14.2_001 0 p STARTED 193 3.3mb 192.168.56.103 dominic-1
.kibana_security_session_1 0 p STARTED 192.168.56.103 dominic-1
.geoip_databases 0 p STARTED 41 38.9mb 192.168.56.103 dominic-1
.kibana_task_manager_7.14.2_001 0 p STARTED 15 992.9kb 192.168.56.103 dominic-1
.apm-agent-configuration 0 p STARTED 0 208b 192.168.56.103 dominic-1
kibana_sample_data_ecommerce 0 p STARTED 4675 3.8mb 192.168.56.103 dominic-1
.kibana-event-log-7.14.2-000001 0 p STARTED 3 16.4kb 192.168.56.103 dominic-1
[esuser@dominic ~]$ curl --user elastic:elastic#123 192.168.56.103:9200/_cat/shards
.tasks 0 p STARTED 4 15.4kb 192.168.56.103 dominic-1
.async-search 0 p STARTED 6 9.7kb 192.168.56.103 dominic-1
.security-7 0 p STARTED 55 268.7kb 192.168.56.103 dominic-1
kibana_sample_data_logs 0 p STARTED 14074 8.2mb 192.168.56.103 dominic-1
.ds-ilm-history-5-2022.10.18-000001 0 p STARTED 192.168.56.103 dominic-1
.apm-custom-link 0 p STARTED 0 208b 192.168.56.103 dominic-1
kibana_sample_data_flights 0 p STARTED 13059 5.3mb 192.168.56.103 dominic-1
.kibana_7.14.2_001 0 p STARTED 193 3.3mb 192.168.56.103 dominic-1
.kibana_security_session_1 0 p STARTED 192.168.56.103 dominic-1
.geoip_databases 0 p STARTED 41 38.9mb 192.168.56.103 dominic-1
.kibana_task_manager_7.14.2_001 0 p STARTED 15 992.9kb 192.168.56.103 dominic-1
.apm-agent-configuration 0 p STARTED 0 208b 192.168.56.103 dominic-1
kibana_sample_data_ecommerce 0 p STARTED 4675 3.8mb 192.168.56.103 dominic-1
.kibana-event-log-7.14.2-000001 0 p STARTED 3 16.4kb 192.168.56.103 dominic-1
4,Kibana配置步骤
截止到目前Elasticsearch的部分已经修改完毕,下面修改kibana配置以便于让其和Elasticsearch完成连接。
1、修改配置文件
修改kibana的配置文件config/kibana.yml在配置文件中添加下面内容
elasticsearch.username: "kibana_system"
elasticsearch.password: "kibana_system#123"
kibana 使用ps -ef|grep kibana是查不到进程的,因为其实运行在node里面。但是我们也不能关闭所有node里面的软件,所以我们需要查询kibana监听端口5601的进程。
使用kill命令关闭Kibana
此时访问kibana(http://192.168.56.103)会提示需要输入账号密码。注意此时需要输入的是elasticsearch的用户密码。