1、环境可以在同一台集群上搭建elastic,也可以在三台机器上搭建,这次演示的是在同一台机器搭建机器。
2、下载elastic :https://www.elastic.co/cn/downloads/past-releases#elasticsearch
2、
tar -zxvf elasticsearch-xxx-版本
cd elasticsearch-8.10.3
# 创建data目录(data目录后来用来设置保存数据路径,如果要保存在其他路径,
# 需要创建该目录保证该目录存在,不然会启动报错)
mkdir data
# 创建目录好后进入config
cd config
# 编辑jvm.options设置合理参数,参数如下图
vim jvm.options
#安装服务器内存来设置即可
-Xms4g
-Xmx4g
[root@xxx data]# cat elasticsearch-node1/config/elasticsearch.yml
cluster.name: es-cluster
node.name: node-1
path.data: /data/elasticsearch-node1/data
path.logs: /data/elasticsearch-node1/logs
network.host: 0.0.0.0
http.port: 9201
discovery.seed_hosts: ["10.1.34.8:9301", "10.1.34.8:9302","10.1.34.8:9302"]
cluster.initial_master_nodes: ["node-1", "node-2","node-3"]
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
enabled: true
keystore.path: /data/elasticsearch-node1/config/certs/http.p12
truststore.path: /data/elasticsearch-node1/config/certs/http.p12
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: /data/elasticsearch-node1/config/certs/elastic-certificates.p12
truststore.path: /data/elasticsearch-node1/config/certs/elastic-certificates.p12
http.host: [_local_, _site_]
ingest.geoip.downloader.enabled: false
xpack.security.http.ssl.client_authentication: none
# 编辑
vim /etc/security/limits.conf
# 添加以下内容
* soft nofile 65536
* hard nofile 131072
* soft nproc 65536
* hard nproc 65536
# 编辑
vim /etc/sysctl.conf
# 添加以下内容
vm.max_map_count = 6553600
立即生效:
sysctl -p |
4、新增用户
useradd es
groupadd es
chown -R es:es elasticsearch-node1 elasticsearch-node2 elasticsearch-node3
#----------------------
#切换用户
su es
# 签发ca证书 直接敲回车 不需要输入密码
bin/elasticsearch-certutil ca
# 用ca证书签发节点证书 敲三次回车
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
# 将生成的证书文件移动到config/certs目录中
mv elastic-certificates.p12 config/certs
#----------------------
# 签发Https证书
bin/elasticsearch-certutil http
#----------------------
关键环节如下:
Generate a CRS? [y/n]n (是否发送认证证书请求)
Use an existing CA? [y/n]y (是否使用已存在的CA证书)
CA Path: certs/elastic-stack-ca.p12 (CA证书路径)
Password for elastic-stack-ca.p12: (输入CA证书密码、上面生成CA证书未设置密码、直接回车)
For how long should your certificate be valid: [5y] 20y (输入证书使用年限)
Generate a certificate per node: [y/n] n(是否每个节点都 生成证书)
Enter all the hostnames that you need,one per line. (输入主机名称、回车)
when you are done,press <enter> once more to move on to the next step
es01(可以不填写,安装具体集群主机名填写